Password Reset links immediately not valid or expired

    We received an e-mail from a customer who tried to reset his password and got an invalid or expired link error when he clicked the e-mail link. I checked and the timeout is set for 24 hours, so I set up a dummy account for myself, tried the reset password form, and got the same message immediately after the link was sent. Any idea what the problem might be? As far as I know, this is the first report we've had of this.

    We're running MM5.5, PR 8, U10.1. Thanks.

    #2
    Re: Password Reset links immediately not valid or expired

    jonathan_1,

    Open a ticket with support ([email protected]) and we can look into this for you. Please include a link to this thread within the body of your email.

    Thank you,

    Wayne
    Wayne Smith



      #3
      Re: Password Reset links immediately not valid or expired

      Once the customer clicks on that link in the notification email it becomes invalid/expired as a new password has been provided at that point. The timeout value becomes null and void with that action.



        #4
        Re: Password Reset links immediately not valid or expired

        We have a huge number of customers that have this same problem. It's cost us enormous amounts of business as they quit out of frustration and don't come back. (yes we've submitted tickets in the past and no apparent solution was found)

        They claim to get that same 'your password link you followed is not valid or expired' message without having first been taken to the accounts page with the temporary password.

        This has been a problem ever since the system changed from sending the customer's password to them by email to resetting their password with a link and temporary password.



          #5
          Re: Password Reset links immediately not valid or expired

          I'm having this same issue. Not all the time, but regularly. Has anyone had any success resolving it?
          chad oesterreich · director of corporate optimization

          www.soul-flower.com · 651.251.1028 · [email protected]



            #6
            Re: Password Reset links immediately not valid or expired

            The standard Miva reply seems to be we've tested the system and can't find any bugs....which I don't doubt is true. The bug is there - they just haven't found it yet.



              #7
              Re: Password Reset links immediately not valid or expired

              We have had customers very frustrated with the password reset procedure. I have had 5 or 10 calls or emails about it in the last year or so. I think a lot of customers just give up. However, I am guessing they don't understand that once you click on the link, you have to request another email.

              I have also had customers say once they click on the link nothing happens.
              Brandon Lubbert
              Library and Educational Services

              A wholesale company for churches, day care providers,
              homeschools, libraries, missionaries, resellers and schools!


              www.libraryanded.com



                #8
                Re: Password Reset links immediately not valid or expired

                Hi Soul-flower

                I was able to reproduce this issue on your store when using Firefox for my browser (and only Firefox). Specifically the following error is logged when viewing your site

                “The page was reloaded, because the character encoding declaration of the HTML document was not found when prescanning the first 1024 bytes of the file. The encoding declaration needs to be moved to be within the first 1024 bytes of the file.”

                Reading through the html source on that page I found that you have this line within the head tag

                meta http-equiv="Content-type" content="text/html; charset=utf-8"

                I have now been able to set this up and reproduce this issue on my test server. I have found two ways to fix it.

                1. in the store's HEAD Tag Content tab, move the line [meta http-equiv="Content-type" content="text/html; charset=utf-8"] closer to the top
                2. specify the character set to be UTF-8 on the Edit Store > Settings tab




                Hi blubbert

                I was unable to reproduce this issue on your site “www.libraryanded.com”. If you know of a specific way to reproduce this issue on your site please let me know and I will look at it further.


                Hi Fishman

                Can you post the ticket number so I can look it up? Or if you can reproduce the issue you can take a look at my response to Soul-flower and see if the same thing is happening for you.

                Hope this helps

                -Eric
                Eric Foresman
                Software Tester
                Miva Merchant
                http://www.mivamerchant.com/
                [email protected]
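
A check for the condition described in post #8, as an added example that is not part of the original thread or Miva's own code: it reports whether a page declares its encoding in the HTTP header, in a byte order mark, or in a meta tag that ends within the first 1024 bytes. The function name, the regular expressions and the sample pages are assumptions constructed for illustration.

```python
import re

PRESCAN_LIMIT = 1024  # bytes the browser prescans, per the console message quoted above
BOMS = (b"\xef\xbb\xbf", b"\xff\xfe", b"\xfe\xff")  # UTF-8, UTF-16LE, UTF-16BE
META_RE = re.compile(rb"<meta\b[^>]*?charset\s*=\s*[\"']?\s*([\w.:-]+)", re.I)
HEADER_RE = re.compile(r"charset\s*=\s*\"?([\w.:-]+)", re.I)


def check_charset(body: bytes, content_type: str = "") -> dict:
    """Report where the encoding is declared and whether the prescan will see it.

    Simplified approximation of the browser's prescan: it does not skip
    HTML comments or script bodies that happen to contain a <meta> string.
    """
    header = HEADER_RE.search(content_type)
    if header:  # transport-level charset is decided before any prescan
        return {"ok": True, "source": "http-header",
                "charset": header.group(1).lower(), "offset": None}
    if body.startswith(BOMS):  # a byte order mark also wins over <meta>
        return {"ok": True, "source": "bom", "charset": None, "offset": 0}
    meta = META_RE.search(body)
    if meta is None:
        return {"ok": False, "source": None, "charset": None, "offset": None}
    # The whole declaration has to end inside the prescanned window.
    return {"ok": meta.end() <= PRESCAN_LIMIT, "source": "meta",
            "charset": meta.group(1).decode("ascii").lower(),
            "offset": meta.start()}


# Constructed sample pages (not taken from any store in the thread).
META = b'<meta http-equiv="Content-type" content="text/html; charset=utf-8">'
FILLER = b"<style>" + b"/* filler */" * 100 + b"</style>"  # about 1.2 KB
LATE_PAGE = b"<html><head>" + FILLER + META + b"</head><body></body></html>"
EARLY_PAGE = b"<html><head>" + META + FILLER + b"</head><body></body></html>"

if __name__ == "__main__":
    for name, page in (("late", LATE_PAGE), ("early", EARLY_PAGE)):
        print(name, check_charset(page))
    print("late + header", check_charset(LATE_PAGE, "text/html; charset=utf-8"))
```

Run it against the saved source of the page the reset link lands on, passing the Content-Type response header if the server sends one.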



                  #9
                  Re: Password Reset links immediately not valid or expired

                  Originally posted by Eric Foresman
                  Hi Soul-flower

                  I was able to reproduce this issue on your store when using Firefox for my browser (and only Firefox). Specifically the following error is logged when viewing your site

                  “The page was reloaded, because the character encoding declaration of the HTML document was not found when prescanning the first 1024 bytes of the file. The encoding declaration needs to be moved to be within the first 1024 bytes of the file.”

                  Reading through the html source on that page I found that you have this line within the head tag

                  meta http-equiv="Content-type" content="text/html; charset=utf-8"

                  I have now been able to set this up and reproduce this issue on my test server. I have found two ways to fix it.

                  1. in the store's HEAD Tag Content tab, move the line [meta http-equiv="Content-type" content="text/html; charset=utf-8"] closer to the top
                  2. specify the character set to be UTF-8 on the Edit Store > Settings tab




                  Hi blubbert

                  I was unable to reproduce this issue on your site “www.libraryanded.com”. If you know of a specific way to reproduce this issue on your site please let me know and I will look at it further.


                  Hi Fishman

                  Can you post the ticket number so I can look it up? Or if you can reproduce the issue you can take a look at my response to Soul-flower and see if the same thing is happening for you.

                  Hope this helps

                  -Eric
                  Hi Eric,

                  I'll look into the advice you've given Soul-flower. I don't believe the issue for our customers is solely restricted to those using Firefox.

                  Here's the last ticket submitted for this issue. #TJJ-448-50637

                  Thanks



                    #10
                    Re: Password Reset links immediately not valid or expired

                    Hi Fishman

                    Thank you for posting the ticket number, I was able to look it up. I then reset my customer password on south-stream-seafoods.com 5 times, using different browsers. Every time it worked correctly and I was able to see the temporary password and login with it.

                    Are you able to reproduce this issue on that store? If so can you send me steps to reproduce?

                    One thing that I can think of is that the default "reset password" email might not have enough information for some customers. You could try adding the following information to the email body to see if it reduces confusion.

                    1. Clicking the Link below will reset your password to a random value.
                    2. The link below is a USE ONCE ONLY item. It will not work a second time if you click it again.
                    3. After you login with the randomly generated password we recommend that you change your password again to something you can remember.


                    Hope this helps

                    -Eric
                    Eric Foresman
                    Software Tester
                    Miva Merchant
                    http://www.mivamerchant.com/
                    [email protected]



                      #11
                      Re: Password Reset links immediately not valid or expired

                      Hi Eric,

                      I can't seem to replicate the problem. Every time I try it works.

                      With some of the customers making the complaint, I'm sure they're doing something wrong or not following instructions. We've had other customers on the phone and have walked them through the procedure and they continue to have problems. They're not all dummies so I don't know what the problem is.

                      Is it not possible to go back to the old system of sending people their passwords? It's less hassle for all concerned. Problem only started when this random number temporary password thing was instituted.

                      Rgds - Brad



                        #12
                        Re: Password Reset links immediately not valid or expired

                        Brad,

                        No it's not possible, that's not acceptable from a security standpoint in a PCI world.
                        Thanks,

                        Rick Wilson
                        CEO
                        Miva, Inc.
                        [email protected]
                        https://www.miva.com



                          #13
                          I have a client that is seeing this issue, even though sparsely as far as we can tell. When I test, I have no issues and cannot reproduce. However, I see the problem as potentially being the token inserted into the email. The token shared with me by the client:

                          Customer_PasswordResetToken=KUy18iQZdQ%2FsYjSc_uhA u1qpIZSd9hsjyzmvzSA_%2F5V48UOk

                          This doesn't look correct to me and is inconsistent with the recovery tokens being created in my testing. In my testing, I don't use Outlook. I know the client's link was initially viewed in Outlook. Is it possible the token is being rendered incorrectly in the email client, such as Outlook?

                          Scott
                          Need to offer Shipping Insurance?
                          Interactive Design Solutions https://www.myids.net
                          MivaMerchant Business Partner | Certified MivaMerchant Web Developer
                          Competitive Rates, Custom Modules and Integrations, Store Integration
                          AutoBaskets|Advanced Waitlist Integration|Ask about Shipping Insurance Integration
                          My T-shirt Collection is mostly MivaCon T-shirts!!



                            #14
                            Also, on a side note, for the first time I've been requested to add instruction to the email with the reset token. Where does this template reside? This client's store is MMUI currently.

                            Scott



                              #15
                              Hi Scott.

                              In an attempt to get lazy customers to actually follow the instructions in the reset email (and to make the fonts large enough for them to see and follow the instruction) I added an email message. You can find this under User Interface / Customer Password Reset.

                              Regards - Brad

