Contrib.social

Password reset token lost on redirect

Open on Drupal.org →
Created on 9 February 2023, almost 2 years ago

Problem/Motivation

This a follow-up from Support password reset UX Fixed which is no longer working, possibly due to a core update.

Steps to reproduce

Same as the previous ticket:

When a user login with one-time login token, then clicks around, this module redirects the user back to the profile page. However, because the one-time login token is not in the URL parameter anymore, the core AccountForm would require the user to type in the "Current password", which the user might not have. Therefore, the user cannot save the form, but request another one-time login token.

Proposed resolution

I'm currently using Drupal Core 9.5.2.

I've taken a quick look into why it doesn't work anymore and it looks like the pass_reset_UID is not in the $_SESSION.

Would it be better to check the URL query? This would have the "pass-reset-token". I can create a patch if this is the right approach.

🐛 Bug report
Status

Active

Version

2.0

Component

Code

Created by

🇬🇧United Kingdom joekers UK

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024