Expiry on Members confirmation email

We recently launched a new Ghost Pro blog and started using Members. Out of our first ~10 signups, we had 1 complaint that the subscribe button didn’t work and noticed another subscriber getting a ?/success=false message from Google Analytics.

It’s a very small sample but a 20% error rate was kind of concerning, so we contacted support. After some back and forth, it looks like the error was caused by a 10 minute expiry on the link in the confirmation email.

I realize there are security considerations when it comes to expiring confirmation links, but would it be possible to extend this window from 10 minutes to 4+ hours? I just feel like subscribers are likely to ignore the initial confirmation message after subscribing and not visit their inbox for hours before realizing they need to confirm.

Also, if a subscriber does miss the expiry window, it would be nice to show a meaningful error message saying their confirm link has expired and they need to resubscribe. Is it the responsibility of the theme to handle the messaging for these errors?

1 Like

Hi @Dane_Lyons,

Expiration time of transactional emails can be changed in a core file of ghost:

  • Open /ghost/versions/3.22.1/node_modules/@tryghost/magic-link/index.js

  • Search for arguments expiresIn: '10m' (10 Minutes)
    Formats are: 1m=1Minute / 1h=1Hour / 1d=1Day / 1y=1Year
    Expiration is mentioned 4 times in the file, you have to change all 4.

  • Restart ghost

important note: Updating Ghost, loads new core files, so you have to change expiration time after every ghost version update

Nice. Is there a way to configure this in Ghost Pro since we aren’t hosting our own Ghost instance?

I’m not sure.
I understand that you can’t access the core files.
Maybe ask if the file can be changed via ghost support?
Or host it yourself.

Thanks for the help. Self-hosting is tempting. Having access to more config options could be worth it down the road. Ideally we’d like to go with a simpler Ghost hosted solution for the first year so we can focus more on content and building an audience.

No worries.

I agree it’s a simple pro/con calculation.
DigitalOcean also offers a pre set up droplet with ghost.
That is fairly easy to maintain in the long run.
Set up a CDN like cloudflare infront and your good to go!

I ran into a few challenges when hosting previous versions of Ghost on DigitalOcean. These mostly were the result of trying to repurpose the software for a use case it wasn’t really designed for…so not really a Ghost or a DigitalOcean problem.

One of my motivations in not going that route is avoiding the temptation to hack. The minute we start self-hosting, I’ll just naturally look for things to tweak which I don’t really have time for currently.

1 Like

I just submitted a PR for extending the 10m default to 1d based on @daniel1’s suggestion above.