Situation:
login_destination is configured to redirect all logins to $url. User X uses Drupal's "get new password" feature to obtain a one-time login link via email, for resetting his password. User clicks that link, is directed to the "Reset password" page, and clicks the "Log in" button on that page. What happens next?

Expected:
User should be directed to /user/$userid/edit to be prompted immediately to reset password.

Actual behavior:
User is redirected to $url by login_destination.

Workaround:
Under /admin/user/login_destination, in the fieldset "Redirect condition settings," set the radio-button option to "PHP snippet", and enter this PHP code in the "Redirect condition" textarea:

      if (arg(0) == 'user' && arg(1) == 'reset') {
        return false;
      } else {
        return true;
      }

This works by checking for the path of the user-password-reset feature, and, if found, tells login_destination not to redirect the user.

Suggested fix:
Incorporate similar -- probably more elegant -- logic into login_destination.module, rather than requiring system admins to reverse engineer this Drupal core feature.

BTW, thanks to rsvelko for a great and useful module.

Comments

TwoMice’s picture

TwoMice commented

Forgot to mention: this problem occurs even with the "Preserve destination" setting turned on.

rsvelko’s picture

rsvelko commented
Issue tags: +ToDo

ok this one is important. todo-ing it.

rsvelko’s picture

rsvelko commented
Status: Active » Fixed

fixed in 2.6 - try it when it is out today.

I tested it once and it works.

Status: Fixed » Closed (fixed)
Issue tags: -ToDo

Automatically closed -- issue fixed for 2 weeks with no activity.

Issue tags: +ToDo

Restoring issue tags, see #2125755: System messages removed all issue tags during D7 upgrade.