Ownership proof record is not valid for 24 hours (Documentation needs to be updated) #53

Open
opened 8 months ago by carey · 1 comments
carey commented 8 months ago

Yesterday I was trying to register domain and kept getting error though Ownership Proof record was generated just few hours earlier.

After few trials, I found that it's not true that "Ownership proof record is valid for 24 hours". Because when your session gets time out and you login again, new TXT record has been generated for you.

So only way I was able to get verification was by using the TXT record right after I logged into purelymail.com. And this worked because my session to purelymail.com was still valid.

It will be great if you guys update the documentation. IMHO, UI needs to be bit more friendly.

Thank you

Yesterday I was trying to register domain and kept getting error though Ownership Proof record was generated just few hours earlier. After few trials, I found that it's not true that "Ownership proof record is valid for 24 hours". Because when your session gets time out and you login again, new TXT record has been generated for you. So only way I was able to get verification was by using the TXT record right after I logged into purelymail.com. And this worked because my session to purelymail.com was still valid. It will be great if you guys update the documentation. IMHO, UI needs to be bit more friendly. Thank you
Owner

Hm, something must've went wrong.
The way that process basically works is that there's a generated token stored in a browser cookie that should actually be valid for 36 hours. It should be independent of your actual login. If that cookie is lost then the page doesn't know it's you who added it to the domain.

I might relax this so that the DNS record itself is always valid for 24 hours. It'd be a slight reduction in security (theoretically someone could add your domain in that window, though that seems unlikely) for convenience.

I do also plan to make the adding a domain process more guided :-)

Hm, something must've went wrong. The way that process basically works is that there's a generated token stored in a browser cookie that should actually be valid for 36 hours. It should be independent of your actual login. If that cookie is lost then the page doesn't know it's you who added it to the domain. I might relax this so that the DNS record itself is always valid for 24 hours. It'd be a slight reduction in security (theoretically someone could add your domain in that window, though that seems unlikely) for convenience. I do also plan to make the adding a domain process more guided :-)
Sign in to join this conversation.
No Milestone
No Assignees
2 Participants
Notifications
Due Date

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Loading…
There is no content yet.