I have spent hours trying to make first time login flow easy for the users of our service.
It should go like this:
1) admin registers the user
2) the user gets the email with the one-time login link
3) when using the link, the user is asked to select a password (and very preferably nothing else)
4) right after this the user is redirected to one specific page
I have tried combinations of modules like rules, logintoboggan, password policy, force password change etc., but always something goes wrong. For example with password policy module the old password is asked for first time login or forgotten-password. Otherwise it would be ok solution.
It seems ridiculously hard to do when thinking that this is exactly what many (if not most) webservices need - it is 2013, you are not supposed to leave your users wondering on the lengthy profile page what to do next. Seriously, I bet if one checks how many users drop out from the current default first-time-login or forgotten-password flows, it is ridiculously high number. They go on clicking something else than the submit button down below the page (often below the fold).
Comments
=-=
3) passwords are part of the registration and profile entity. not sure how you will get around that being part of the process regardless of how much ranting you do. Though I suppose if you redirect the energy into a custom module you may get further.
forcing a destination on login see: http://drupal.org/project/login_destination
Sorry for the ranting part.
Sorry for the ranting part. Too much frustration after spending Saturday night with the issue. But I honestly think that quite a few services have this use-case / UI-flow poorly handled and they may not even understand the issue, so I was also trying to make a point. Custom module would benefit quite many, unfortunately I do not have the skills to make one that would be accepted for publication in drupal.org, so I will probably hack something that just barely meets my needs. Leaving tens of thousands of users to suffer from the issue (this is educated guess, I have background in UI planning).
I did a bit more searching.
I did a bit more searching. http://stackoverflow.com/questions/10965471/drupal-rules-one-time-login-... seems to cover the issue, indicating you can solve it with rules module.
With a little PHP coding,
With a little PHP coding, achievable in your themes template.php, you should be able to setup the redirect. hook_form_alter on the password reset form is what you will most likely need, and you can set the redirect url as part of the forms submit button.
You could also try ammending the URL that is sent in the emailby adding ?destination=xxxxxx on the end. That might work.
Rant or not, I agree with
Rant or not, I agree with the original poster. The user registration/one-time login/password reset system in Drupal is awful.
This system fails in many ways, for many people, but the biggest issue for me and my users is that when I create an account for a user and Drupal sends the email for them to log in, it ASKS them to change their password but does not FORCE them to do so. This is a huge oversight.
Most people don't follow the instructions, and unbelievably, Drupal lets them into the site without their choosing a new password, so they end up with an arbitrary password. Then the first time they log out and try to log back in they have no idea what their password is... because they never created one.
Like many people, I've used just about every combination of login and password modules that exist to try to solve this issue, but have yet to find a decent solution.
FWIW, I intend to find, and participate in, whatever group exists in the Drupal community to try to fix this broken system.
=-=
http://drupal.org/project/force_password_change seems to be where energy is directed at solving the issue you describe and are passionate about based on the following from the project page:
"Concept
This module allows administrators to force users, by role, individual user, or newly created user, to change their password on their next page load or login, and/or expire their passwords after a period of time."