Proposal - CiviCRM contact checksum expiry is too short and users receive no feedback when a CiviCRM URL has an expired checksum token
Background
A user receives no feedback when clicking on a CiviCRM URL with an expired contact checksum token. CiviCRM displays the page without "logging in" the user and without any notice.
If a membership reminder is sent to a user and they click on the link to renew on their membership page, the membership page will display but without their contact and membership details loaded. The user then has to decide: How do I log in? This might not be obvious on the website, or not enabled at all. Do I complete the membership form anew? A new membership is created. Do I just leave this system and go walk the dog instead, letting the membership expire? Membership is lost. Do I contact the organisation? That involves more people and wastes more time.
A similar process can happen for emails sent out for event registration, donation, profile updates etc.
Related to this problem, the default CiviCRM "Checksum Lifespan" (/civicrm/admin/setting/misc?reset=1) is defined as 7 days. This is far too short. It sets a time limit of 7 days for a membership, event, donation etc. to be completed. If it's 8 days, that's too late - checksum expired! I think an improvement here is to also increase the default Checksum Lifespan to 30 days, so that CiviCRM provides the greatest opportunity for the targeted contacts to complete the transaction.
Agileware Ref: CIVICRM-800
Proposed Solutions
Solution 1: Expired Checksum: Display an informative message on the page if the user has opened a CiviCRM page using a URL with an expired contact checksum. Message could be: "The link used to access the website has expired. Please contact us to obtain a new link"
A PR for Solution 1 has been submitted: https://github.com/civicrm/civicrm-core/pull/12260
Solution 2: Default Checksum Lifespan: Change this to 30 days.
No PR for solution 2 has been submitted yet.
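To make the two solutions concrete, here is an added example (not code from the PR or from CiviCRM core) of a validator that separates an authentic but expired link from a tampered one, so the expired message is shown only for links the site really issued, and that compares a 7-day and a 30-day lifespan on day 8. The token layout, the HMAC key and the function names are assumptions made for illustration.

```php
<?php
// Added illustration, not CiviCRM code. Token layout and names are assumptions.
const CS_VALID = 'valid';
const CS_EXPIRED = 'expired';
const CS_INVALID = 'invalid';

/** Build "<mac>_<issued>_<lifespanHours>" bound to one contact ID. */
function make_checksum(string $key, int $contactId, int $issued, int $lifespanHours): string {
  $mac = hash_hmac('sha256', "{$contactId}_{$issued}_{$lifespanHours}", $key);
  return "{$mac}_{$issued}_{$lifespanHours}";
}

/** Classify a token so the page can tell an expired link from a bad one. */
function classify_checksum(string $key, int $contactId, string $token, int $now): string {
  $parts = explode('_', $token);
  if (count($parts) !== 3 || !ctype_digit($parts[1]) || !ctype_digit($parts[2])) {
    return CS_INVALID;
  }
  [$mac, $issued, $hours] = $parts;
  $expected = hash_hmac('sha256', "{$contactId}_{$issued}_{$hours}", $key);
  // Authenticate first: timestamps from an unauthenticated token mean nothing.
  if (!hash_equals($expected, $mac)) {
    return CS_INVALID;
  }
  return ((int) $issued + (int) $hours * 3600 >= $now) ? CS_VALID : CS_EXPIRED;
}

// Constructed sample values.
$key = 'constructed-demo-key';
$issued = 1700000000;
$day = 86400;
$sevenDay = make_checksum($key, 42, $issued, 7 * 24);
$thirtyDay = make_checksum($key, 42, $issued, 30 * 24);

$cases = [
  '7-day link on day 8' => [$sevenDay, 42, $issued + 8 * $day],
  '30-day link on day 8' => [$thirtyDay, 42, $issued + 8 * $day],
  '7-day link, lifespan field edited' => [str_replace('_168', '_720', $sevenDay), 42, $issued + 8 * $day],
  '7-day link, other contact' => [$sevenDay, 43, $issued + $day],
];
foreach ($cases as $label => [$token, $cid, $now]) {
  $status = classify_checksum($key, $cid, $token, $now);
  $msg = $status === CS_EXPIRED
    ? 'The link used to access the website has expired. Please contact us to obtain a new link'
    : '';
  printf("%-36s %-8s %s\n", $label, $status, $msg);
}
```

Because the lifespan is covered by the MAC, a recipient cannot extend an old link by editing that field; the trade-off of a 30-day default is that a forwarded or leaked email keeps granting access to that contact's forms for 30 days instead of 7.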
Next Steps
Let's discuss these problems and the different approaches that could be used to solve them. Then we can work on the relevant PRs and submit for approval.