1 (edited by chrizz 2006-02-09 18:43)

Topic: New password validation (possible "bug")

Situation:

User requests new password (via the login page while the user is not logged in).

User logs in with old password and saves the login (cookies).

Users recieves email with new password activation link and visits the link.

Result: nothing happens. The password is not changed until the user loggs out and then visits the link.

This is confusing for many people and in my opinion users should be logged out when an valid activation link is visited.

2

Re: New password validation (possible "bug")

It's not a bug though is it? If you are logged in why would you request a new password....

Re: New password validation (possible "bug")

Noted.

"Programming is like sex: one mistake and you have to support it for the rest of your life."

Re: New password validation (possible "bug")

Elzar wrote:

It's not a bug though is it? If you are logged in why would you request a new password....

Well, people do all kind of stuff. Just becouse it's not likely or reasonable to do something you can bet that someone will do it anyway.