= Documentation for Password Expiration Feature
The password expiration feature requires that users change their password on login if it has expired (default: every 90 days). You can force password expiration checks for all logged in users by adding the following code to your route block:
  rodauth.require_current_password
Additionally, you can set a minimum amount of time after a password is changed until it can be changed again. By default this is not enabled, but it can be enabled by setting +allow_password_change_after+ to a positive number of seconds.
It is not recommended to use this feature unless you have a policy that requires it, as password expiration in general results in users choosing weaker passwords. When asked to change their password, many users choose a password that is based on their previous password, so forcing password expiration is in general a net loss from a security perspective.
== Auth Value Methods
allow_password_change_after :: How long in seconds after the last password change until another password change is allowed (always allowed by default).
password_change_needed_redirect :: Where to redirect if a password needs to be changed.
password_changed_at_session_key :: The key in the session storing the timestamp the password was changed at.
password_expiration_changed_at_column :: The column in the +password_expiration_table+ containing the timestamp the password was changed at.
password_expiration_default :: If the last password change time for an account cannot be determined, whether to consider the account expired, false by default.
password_expiration_error_flash :: The flash error to display when the account's password has expired and needs to be changed.
password_expiration_id_column :: The column in the +password_expiration_table+ containing the account's id.
password_expiration_table :: The table holding the password last changed timestamps.
password_not_changeable_yet_error_flash :: The flash error to display when not enough time has elapsed since the last password change and an attempt is made to change the password.
password_not_changeable_yet_redirect :: Where to redirect if the password cannot be changed yet.
require_password_change_after :: How long in seconds until a password change is required (90 days by default).
== Auth Methods
password_expired? :: Whether the password has expired for the related account.
update_password_changed_at :: Update the password last changed timestamp for the current account.