--- ** [tickets:#7759] After resetting pwd and logging in, don't redir back to pwd reset form** **Status:** closed **Milestone:** asf_release_1.2.0 **Labels:** sf-1 **Created:** Fri Oct 10, 2014 06:40 PM UTC by Dave Brondsema **Last Updated:** Tue Oct 14, 2014 12:08 PM UTC **Owner:** Dave Brondsema If you use a forgotten password reset form, e.g. URL /auth/forgotten_password/cc2ffdc2c20db368a1f3e4576159d9d2cc2c75b2 and change your password, then you go to the login page and the login form has a hidden `return_to` field set to `/auth/forgotten_password/cc2ffdc2c20db368a1f3e4576159d9d2cc2c75b2` That is not good, because then you'll end up going to that form again and get an error because the hash is already used. There should be no return_to in this situation. --- Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed to https://forge-allura.apache.org/p/allura/tickets/ To unsubscribe from further messages, a project admin can change settings at https://forge-allura.apache.org/p/allura/admin/tickets/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.
