I just tested sending out the password recovery from a customer record subscribed to a secure zone (on a trial site). The email goes out fine with the link for the customer to set the new password... all fine, only problem is when you set the new password from the token link the same error always comes up..
ERROR: Your password reset token has expired. Please request a new one by filling in the form below.
I tried a few times, so there's no way it could be timing out? What's happening here?
I have tried on a few different BC sites now and all having the same problem. It just keeps giving you an error.
Has anyone else experienced this issue? Does it have something to do with when BC did an update on the password retrieval system?
Surely there must be someone out there who has this implemented on a BC site for a secure zone? If you do, you'd better check that it works, because as far as I can tell it doesn't work at all. I ended up taking out the password retrieval from my sites to save me the pain of dealing with complaints.
hmmm... will investigate further. I tried it from a few sites, all had the same problem.
I even started a new site using the old style BC template without making any changes at all to the code, and it didnt work.
Logged a ticket to get BC to check it. I have checked the user expiry dates. There seems no obvious reason why it is not working. Plain old vanilla style secured client on subscribe to a secure zone. Unsure if this impacts but the subscribe dates on all users by default shows on the client site I am looking at shows 1-Jan-9999. If you click in the subscribe date box, these change the date - it auto updates to 1-Jan-2099.
My case which I logged 05 Jul, has been escalated for further review, but to date I have no more details. I have provided a user where this is occuring on a live site, so maybe an answer in the coming days.
I'm not sure how you open the links received over the email for password reset but in case you are using copy/paste please make sure you don't select the dot (.) following the link. In case you do that you will receive indeed the error mentioned in the post starting this thread even if when pasting the address the loading page will contain both fields (new and confirm) to set the password.
After a thorough review of this by tech support nothing was able to be diagnosed. @Cristian - thank you, I have asked the client this question about the (.) dot at the end of the reset link and if the user is cutting and pasting the reset link including the dot/full stop. @Fubals, @ooly_dev - can you check with users if they are cutting and pasting the url for reset with the dot (.)?
Further to the trailing dot.... (.) edit this out in System Email messages from "Password Retrieve Email" AND "Secure Zone Details" template just to ensure users don't cut and paste the trailing dot.