By EnekoAlonso-1 on
I have a weird issue where uses on my drupal installation are not able to recover their password. After going through the password recovery process and getting the email, users get an Access Denied when trying to log back into the site.
I haven't been able to reproduce the issue, with a couple of test users I have. But I get dozens of emails every week with this issue and I have no idea how to solve it. I've looked in the forums but haven't found anything.
Any ideas?
Comments
=-=
are these users having this issue sure they are logged out first?
Not sure how can they logout
Not sure how can they logout without being able to log into the site.
It happens that Drupal generates the password when a user creates an account. If their cookie expires and they forgot the password, when they click on recover password and then click on the link sent in the email, they get an Access Denied error.
=-=
session lifetime could keep a user logged in, even after a browser is closed.
Though based on the follow up information that isn't likely the issue.
I can't recreate the issue on any of my installs of 6.15 , Therefore I'd start looking at contrib modules as a possible cause and begin debugging by copying my database to a test site and disabling modules one at a time. If necessary, I'd build a fresh install and begin adding modules one at a time to see if the issue can be narrowed down.
Hi again, thanks for the
Hi again, thanks for the help. I haven't had a chance to reproduce the problem yet, but I still get a few users every day with this issue.
Any suggestions where could the problem be to get an access denied error? Node Access table? In which case will Drupal report and Access Denied error after clicking the on time login recover password link? In case it has expired?
Ok, I got something. Testing
Ok, I got something. Testing with multiple accounts, happened that after getting the email to recover the password for User 1, I clicked that email on a browser being logged in with a different user, User 2. Here is the message I saw at the top:
So it looks like the link generator is not working well. Either that, or there is an issue with the timeoffset of the server (looks like the onetime login has a timestamp in the url).
Here is the link I just clicked:
http://www.spaniards.es/user/reset/986/1266901987/80c136ed761c4a44bd14fa...
Now, I tested the link on two browsers not logged in, and it seems to work fine. I see this message:
I'm going to go ahead and login to invalidate the link above. It worked fine, as expected, logging me in on the first browser and sending me back to the password recovery page on the second browser.
Any ideas? This is the closest I have been to reproduce the problem, but I have never actually got the Access Denied error.
Made this an issue:
Made this an issue: http://drupal.org/node/722732
Still this issue is
Still this issue is happening. I have created a script to manually reset user passwords as soon as I get an email from them. But it's a pain in the ass. I have changed my site settings to not require email confirmation when creating accounts. Maybe this way they will put an easy password that they could remember.
I'll keep investigating the issue. Any help would be very appreciated.
I had the same issue and it
I had the same issue and it turned out to be Firefox. Firefox saves active log in session with the tab plus module. Once you clear the active log in and sessions all works fine. To check this try and log in with a different browser than your normal default one.
Firefox guilty!?
First, my apologies... I haven't seen this answer before.
I've been looking at this issue today and I have been able to reproduce it with Firefox 4: got the Access denied every time I tried to recover my password. After reading this comment about Firefox (couldn't I have read it one year ago?), I tried in Safari and boom!, no problem, I was able to access my user profile after using the one-time login link.
I have no idea why this happens on Firefox, I have no other extensions than Web Developer, Firebug and Firecookie. But knowing that this happens to a lot of our community users, I assume it's a problem in Firefox itself.
Any ideas?
Thanks!
I am having the same problem with Safari and Firefox
I was hopeful that the Firefox guidance would solve this problem, but I am still running into the problem none-the-less.