Posted to dev@allura.apache.org by Dave Brondsema <da...@brondsema.net> on 2015/01/05 23:07:39 UTC

[allura:tickets] #7759 After resetting pwd and logging in, don't redir back to pwd reset form



---

**[tickets:#7759] After resetting pwd and logging in, don't redir back to pwd reset form**

**Status:** closed
**Milestone:** asf_release_1.2.0
**Labels:** sf-1 
**Created:** Fri Oct 10, 2014 06:40 PM UTC by Dave Brondsema
**Last Updated:** Tue Oct 14, 2014 12:08 PM UTC
**Owner:** Dave Brondsema

If you use a forgotten password reset form, e.g. URL `/auth/forgotten_password/cc2ffdc2c20db368a1f3e4576159d9d2cc2c75b2` and change your password, then you go to the login page and the login form has a hidden `return_to` field set to `/auth/forgotten_password/cc2ffdc2c20db368a1f3e4576159d9d2cc2c75b2`. That is not good, because then you'll end up going to that form again and get an error because the hash is already used. There should be no return_to in this situation.


---

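Added example, not part of the original ticket and not Allura's own code: one way a login handler could choose the `return_to` value so that a one-time password reset URL is never used as the post-login destination. The function name `login_return_to`, the `ONE_TIME_PREFIXES` tuple and the `/` default are assumptions for this sketch, and it goes slightly beyond the ticket by also refusing off-site values.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Assumption for this sketch: path prefixes whose URLs embed a single-use
# token and so must never be carried into the login form as return_to.
ONE_TIME_PREFIXES = ("/auth/forgotten_password",)


def login_return_to(candidate, default="/"):
    """Return `candidate` if it is a usable post-login path, else `default`."""
    if not candidate:
        return default
    # Only same-site absolute paths. "//host" and "///host" are treated as
    # off-site by browsers, as are backslash and control-character variants.
    if not candidate.startswith("/") or candidate.startswith("//"):
        return default
    if "\\" in candidate or any(ord(ch) < 0x20 for ch in candidate):
        return default
    # Compare on the decoded, normalised path so "/auth/./forgotten_password"
    # or "%66orgotten_password" cannot slip past the prefix test.
    path = posixpath.normpath(unquote(urlsplit(candidate).path))
    for prefix in ONE_TIME_PREFIXES:
        if path == prefix or path.startswith(prefix + "/"):
            return default
    return candidate


if __name__ == "__main__":
    # Constructed sample values; the token is not a real reset hash.
    for value in (
        "/auth/forgotten_password/0123abcd",
        "/auth/%66orgotten_password/0123abcd",
        "/p/allura/tickets/7759/",
        "//evil.example/",
    ):
        print(f"{value!r:45} -> {login_return_to(value)!r}")
```

Dropping the reset URL here also keeps the reset hash out of the hidden form field and out of any redirect that follows a login.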