Password Reset Issues
I was at Lehman yesterday, doing outreach, and two Commons members needed to reset their passwords. Both had the same issue - the email sent to them had two url links - the first one was underlined, so they automatically clicked on that one, and it just returned them to the Commons Home page. The second url was actually the correct one. It was not underlined and was not clickable. They had to cut and paste it into the browser in order to reset their password.
#2 Updated by scott voth over 4 years ago
I don't know if you can look into the log - but if so, one was for Madeline Cohen. It could be that their email client was not set up to accept html. The urls were just that, really long urls. The second one was enclosed by < >, maybe the reason it did not render as a link? I was just looking over their shoulders, but it seemed like their wasn't that much to the confirmation email except for those 2 links.
#7 Updated by Boone Gorges over 4 years ago
One of two things is probably happening. One is that the receiving email server is filtering anchors in emails - I think that the GC's email server used to do this. This kind of filtering could potentially break the link. The other possibility is that the email client (in this case, it sounds like it's probably the web client, which is closely associated with the incoming email server) is mangling the <link in brackets>. Having a copy of the email would only really help in the first of these cases.
The critical piece of info here would be this: Exactly what happens when the link is clicked? Does it first try to visit one URL, but then redirect to another one? Another way of asking the question is: what URL shows in the browser status bar when hovering over the link?
For reference, the email content generated by the Commons on password reset looks like this:
Someone has requested a password reset for the following account: http://commons.gc.cuny.edu/ Username: teststudent If this was a mistake, just ignore this email and nothing will happen. To reset your password, visit the following address: <http://commons.gc.cuny.edu/wp-login.php?action=rp&key=Uu5OlakvJ6OZSTf7xi9C&login=teststudent>
There is only a single URL, and it's not natively a link - it's just between brackets. If there are two versions of the URL in the incoming email, it's likely a result of the email client doing same magic when it sees the bracketed URL.
#9 Updated by Boone Gorges over 3 years ago
- Assignee changed from Chris Stein to scott voth
Scott, did you manage to get a copy of the email sent, with an eye toward answering my question above? This feels like an important issue to address, though we currently don't have quite enough info to know exactly what might be happening.
#11 Updated by Boone Gorges over 3 years ago
- Status changed from New to Abandoned
Hi Scott - If they never responded, it suggests they don't need help anymore. I'm going to close this out, but let's be sure we reference back to this ticket if we hear more instances of password-reset links being mangled by email clients.