Your password reset link appears to be invalid. Please request a new link below.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Thread Starter Harshad

    (@bornforphp)

    Any news on this?

    Plugin Author Jeff Farthing

    (@jfarthing84)

    Can you confirm via response headers that those pages are indeed not being cached?

    Taking over for Harshad here:

    Upon registration, the user doesn’t put in their email, since we have it set to Registration Type: Email only

    They then receive the email with the “to set your password….” link of:

    https://domain.com/resetpass/?key=cXF626JIB1drb0dMlmRp&login=test%40example.com

    Which then redirects them to:

    https://domain.com/lostpassword/?error=invalidkey

    Response headers are:

    Request URL: https://domain.com/resetpass/?key=cXF626JIB1drb0dMlmRp&login=test%40example.com
Status Code: 302
cache-control: no-cache, must-revalidate, max-age=0

    Then:

    Request URL: https://domain.com/resetpass/
Status Code: 302 
cache-control: no-cache, must-revalidate, max-age=0

    Then:

    https://domain.com/lostpassword/?error=invalidkey
Status Code: 200 
cache-control: no-cache, must-revalidate, max-age=0
    • This reply was modified 2 years, 1 month ago by Jon Fuller.

    I’ve done further testing, and it only happens when the Theme My Login Notifications addon is active, of which the ONLY thing we changed in there was to disable the “New User Admin Notification” email.

    • This reply was modified 2 years, 1 month ago by Jon Fuller.

    I’m having a similar issue with the lostpassword/?error=invalidkey

    It seems to happen when a user account was created via social logins.
    they are able to trigger an email to set a password using the entry box and button found on the lostpassword page.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Your password reset link appears to be invalid. Please request a new link below.’ is closed to new replies.