Password Reset Not Working

[Ken]

Our password reset tool sends out a link to the user's email but when they go to the URL it just takes them back to the login page and not a password reset page.  Is anybody else experiencing this? 

[cloudrck]

No works fine for me.

 

What is your OS and Webserver

Do you  have the rewrite rules set? What URL is sent in the email?

[Ken]

  On 10/11/2013 at 6:54 PM, cloudrck said:

No works fine for me.

 

What is your OS and Webserver

Do you  have the rewrite rules set? What URL is sent in the email?

 

I believe it's from our directory being overwritten with a full install rather than the patch version by mistake.  I'm not entirely sure what this changes but does anyone know how to correct the issue?

[Tyson]

What URL is sent in the password reset email?

[Ken]

/client/login/confirmreset/?sid=yiP%2FhCTK2DXKb5isw3gXS8UH5Py6Kr99NxUTbXNPdkoiLXAACNWjql7md97XLEZw

[Tyson]

Are you using an HTTP redirect to HTTPS in your .htaccess? If so, can you show us what your rule looks like? The URL may be re-encoded, changing it such that the sid can no longer be decrypted, causing the sid to be determined invalid, and thus redirecting back to the login page.

[Ken]

Simply over looked that.  Email URLs are http not https.  So that's just a matter of changing the templates.

 

RewriteCond %{SERVER_PORT} !^443$

RewriteRule ^(.*)$ https://mydomain.com/$1 [R=301,L]

 

Is what we currently have in place.

[Ken]

After modifying the rewrite rule it redirects properly now.

 

RewriteCond %{HTTPS} !=on

RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=307,NE,L]