Password Reset Functionality bug(?) - anyone seen this

Permalink
Hi,
on a website (5.4.2.1) I've been working on there seems to be some intermittent issue with the password reset.

Occasionally when the user clicks on the password reset link within the email the website cannot match the token.

I've checked in the login controller and at least at this stage all it appears to do is check the token is fresh enough (set for 7200 seconds) and that it actually matches.

Very occasionally - even though the 2 conditions are met the user is presented with the message
'Invalid Key. Please visit the forgot password page again to have a new key generated'

instead of the new password selection form.

In the logs it shows that the timestamps between the sent mail and the failed reset are within the requisite time and the tokens match (to a visual scrutinisation).

Anybody seen this before? Any pointers?

 
apellow replied on at Permalink Reply
apellow
I'm having the same problem as well. Would love some advice.