As per #784942: Hide login form 'Request New Password' link when only 'verifying' password, authenticated users cannot access the 'Request New Password' page, and so a user logged in via PL will not be able to reset their password if forced to re-authenticate (unless they log out).

D7 core allows logged in users to reset their password, and the same functionality should be backported to 6.x

Comments

gapple’s picture

I believe this could be accomplished by applying a form_alter on the user_pass form to emulate the conditional in D7 core.
http://api.drupal.org/api/drupal/modules--user--user.pages.inc/function/...

gapple’s picture

Status: Active » Closed (won't fix)

I don't think it is worthwhile to invest time on this in 6.x anymore.

I would be glad to accept patches if anyone else want's to take this on, however.