Hi @thegrbteam,
The error message is pretty obvious. For the debugging, you can extend the token lifetime (if there is a delay in email delivery).
If you have antivirus software for your inbox, you can temporarily disable it to see results. (Some antivirus software automatically clicks the URLs in the email to ensure the URL is safe; therefore it invalidates the token immediately)
I hope this helps!
Regards,
Thanks, this is surely Outlook checking the links. Is there any way to only make the token expire once the link is used to login? Link checking is really common for email providers at the moment. It’s really annoying as it messes up click tracking! Thanks in advance
Additionally – or perhaps the message should tell the user the link has been clicked and if this was unexpected to check inbox settings for link checking? Maybe overkill…
Thanks, this is surely Outlook checking the links. Is there any way to only make the token expire once the link is used to login?
Technically, there is no difference when you click on to link or outlook to simulate the click behavior. Both of them are just HTTP requests. We could intercept the request when it made from a specific IP address or based on the user agent, however it doesn’t seem practical to maintain that.
Link checking is really common for email providers at the moment. It’s really annoying as it messes up click tracking!
I’ve seen a couple of similar situations. @munikho has brought up another problem with a preview on mobile devices. – https://wordpress.org/support/topic/could-we-change-the-times-a-token-is-valid/
In order to address these problems, I’m working on something called “token validity”. You will be able to set how many times a token can be used.
Additionally – or perhaps the message should tell the user the link has been clicked and if this was unexpected to check inbox settings for link checking? Maybe overkill…
We don’t keep data for expired tokens. It’s overkill to implement such a feature because we have to store some sort of metadata to understand whether a link has been used or expired for some other reason.
Shortly, stay tuned. The next version (hope to release it soon) will address these problems 🙂
Hi @thegrbteam,
The new version of Magic Login is out! Now you can set token validity.
You can read the release post for detailed info: https://handyplugins.co/blog/magic-login-v1-8-token-validity/
I would appreciate it if you could leave a review here – https://wordpress.org/support/plugin/magic-login/reviews/
Cheers,
Works perfect! I’ve left a 5 star review. Good job.
