Ken Posted October 11, 2013 Report Share Posted October 11, 2013 Our password reset tool sends out a link to the user's email but when they go to the URL it just takes them back to the login page and not a password reset page. Is anybody else experiencing this? Quote Link to comment Share on other sites More sharing options...
0 Ken Posted October 12, 2013 Author Report Share Posted October 12, 2013 After modifying the rewrite rule it redirects properly now. RewriteCond %{HTTPS} !=on RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=307,NE,L] Quote Link to comment Share on other sites More sharing options...
0 cloudrck Posted October 11, 2013 Report Share Posted October 11, 2013 No works fine for me. What is your OS and Webserver Do you have the rewrite rules set? What URL is sent in the email? Quote Link to comment Share on other sites More sharing options...
0 Ken Posted October 11, 2013 Author Report Share Posted October 11, 2013 No works fine for me. What is your OS and Webserver Do you have the rewrite rules set? What URL is sent in the email? I believe it's from our directory being overwritten with a full install rather than the patch version by mistake. I'm not entirely sure what this changes but does anyone know how to correct the issue? Quote Link to comment Share on other sites More sharing options...
0 Tyson Posted October 11, 2013 Report Share Posted October 11, 2013 What URL is sent in the password reset email? Quote Link to comment Share on other sites More sharing options...
0 Ken Posted October 11, 2013 Author Report Share Posted October 11, 2013 /client/login/confirmreset/?sid=yiP%2FhCTK2DXKb5isw3gXS8UH5Py6Kr99NxUTbXNPdkoiLXAACNWjql7md97XLEZw Quote Link to comment Share on other sites More sharing options...
0 Tyson Posted October 11, 2013 Report Share Posted October 11, 2013 Are you using an HTTP redirect to HTTPS in your .htaccess? If so, can you show us what your rule looks like? The URL may be re-encoded, changing it such that the sid can no longer be decrypted, causing the sid to be determined invalid, and thus redirecting back to the login page. Quote Link to comment Share on other sites More sharing options...
0 Ken Posted October 11, 2013 Author Report Share Posted October 11, 2013 Simply over looked that. Email URLs are http not https. So that's just a matter of changing the templates. RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^(.*)$ https://mydomain.com/$1 [R=301,L] Is what we currently have in place. Quote Link to comment Share on other sites More sharing options...
Question
Ken
Our password reset tool sends out a link to the user's email but when they go to the URL it just takes them back to the login page and not a password reset page. Is anybody else experiencing this?
Link to comment
Share on other sites
7 answers to this question
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.