Unsubscribe link in digest mail always expired


(Sander Datema) #1

This happens on Meta. Got a digest mail on a test account. Tried to unsubscribe and got this error:

Error Unsubscribing

Sorry, we couldn’t unsubscribe you. It’s possible the link in your email has expired.


(Jeff Atwood) #2

Agree, I just got this when trying to unsubscribe from the digest as well from my alternate meta account. Digest was sent

Sat, Jul 12, 2014 at 6:19 AM

(it is Sunday 2:05 PM now)

@eviltrout can you take a look Monday first thing? I hate to think that every Discourse has broken digest unsubscribe…


(Sam Saffron) #3

I think we should not be expiring these links in the first place. The design is that they should be stored with a 1 week expiry in redis. I don’t think that is correct, these expiry links should work permanently we should probably just store the key in a table.

Its kind of sucky that you would be cleaning up your email a week later and can’t unsubscribe from stuff.


(Jeff Atwood) #4

This is not a week old URL, this is an URL from Saturday July 12th. Today is Sunday July 13th.

This is an URL from ~24 hours ago at most.


(Robin Ward) #5

I just tested this locally and it’s not as bad as it seems – there is a check in the code that ensures that you are logged in as the person who the key belongs to. If not, it considers the unsubscribe a mistake and does nothing.

If you try as incognito or while logged out the unsubscribe link does work as advertised.

Looks like I was the one who wrote that check – perhaps it is too stringent? Should we remove it or add a message that says “We can’t unsubscribe that account while logged in as XXX”?


(Jeff Atwood) #6

OK great!

Two things then

  1. Improve copy there so it is clear you are logged in as another user and try again as incognito or logging out… at least give us the info. Telling us “hey stuff didn’t work!” just leads to support issues.

  2. The unsubscribe tokens for digest emails should be valid a lot longer than a week… months. We are sending out tons of these digest emails, they are on by default, and if we don’t have a realistic unsubscribe option that is very bad.


(Michael - DiscourseHosting.com) #7

One (annoying) detail, if the forum has login_required enabled, the link doesn’t work (without signing in).


(Sander Datema) #8

That might still be the problem. Cause I was logged in, as myself, and the link still didn’t work. But I also have login_required enabled.


(Robin Ward) #10

I’ve just pushed a fix to allow unsubscribing while logged out even when login_required is set:

https://github.com/discourse/discourse/commit/e20a8e6dea60deb179093d2c98850d47d58c616c


(Robin Ward) #11

I’ve improved the messaging if you are logged in as a different user. Additionally, I now include a link to your preferences page if the unsubscribe didn’t work so they have a path of what to do next. Finally I increased the expiry to 2 months from 1 week.

https://github.com/discourse/discourse/commit/f2dd35ab08f4bfcb7a5b77cfee2f96a647f8488e


(Jeff Atwood) #12