Last post Apr 28, 2011 08:41 AM by Hopefully
Apr 26, 2011 03:16 PM|Hopefully|LINK
I forgot my password so I sent a request for a new one. I got this message back...
You requested that your password for the Asp.net website be sent to you via email. For security reasons, we have not emailed your password. Instead, to change your password, follow the link below which will take you to the change password page where you
can enter a new password:
Thanks for that, but it requires that I know my password to CHANGE my password! This has to have been like this for a while too. So I guess to get logged in, I'll just sent a request for a new password every time, get logged into the change area, and proceed
as if I had logged in, but it's sort of lame.
The way I do this on my site is to create a temporary one that expires after one use and send a link to the change password but the password is filled in for them.
Apr 27, 2011 09:16 AM|tmorton|LINK
Thanks for the report. That's not how the change password process is supposed to work; the old password should not be required. Is it possible that you use the link more than a couple of hours after it was generated?
Apr 28, 2011 08:41 AM|Hopefully|LINK
As it turned out, when I want back to the email later and went to the link it did work. It might be not fixed on one server in a cluster? Or it might take a minute for the process to work properly? Not sure why, but I saw it with my own eyes. The first
time it required a password to change it, and the second time (thank goodness I tried again) it worked as one would expect it too. Thanks for your reply.