You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@allura.apache.org by Dave Brondsema <da...@brondsema.net> on 2015/01/05 23:07:39 UTC
[allura:tickets] #7759 After resetting pwd and logging in,
don't redir back to pwd reset form
---
** [tickets:#7759] After resetting pwd and logging in, don't redir back to pwd reset form**
**Status:** closed
**Milestone:** asf_release_1.2.0
**Labels:** sf-1
**Created:** Fri Oct 10, 2014 06:40 PM UTC by Dave Brondsema
**Last Updated:** Tue Oct 14, 2014 12:08 PM UTC
**Owner:** Dave Brondsema
If you use a forgotten password reset form, e.g. URL /auth/forgotten_password/cc2ffdc2c20db368a1f3e4576159d9d2cc2c75b2 and change your password, then you go to the login page and the login form has a hidden `return_to` field set to `/auth/forgotten_password/cc2ffdc2c20db368a1f3e4576159d9d2cc2c75b2` That is not good, because then you'll end up going to that form again and get an error because the hash is already used. There should be no return_to in this situation.
---
Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/
To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.