When a user login with one-time login token, then clicks around, this module redirects the user back to the profile page. However, because the one-time login token is not in the URL parameter anymore, the core AccountForm would require the user to type in the "Current password", which the user might not have. Therefore, the user cannot save the form, but request another one-time login token.
The UX is worse, when the site is configured to "Require email verification when a visitor creates an account", in which the user only sets the password after they login with one-time token. Therefore, if the redirect happens, the user cannot save the form without the current password.
Check the user session, if there is pass_reset_USER_ID, then we redirect the user to the profile page with the one-time token.
Fixed
1.0
Code
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
The pass_reset_UID never seems to be in the session so this isn't working for me. Am I missing something, or maybe there was a change to core that removes it from the $_SESSION?
Maybe it's core related. Which Drupal version do you use? You can create new issue for this