Ticket #40 (closed defect: fixed)

Opened 7 years ago

Last modified 6 years ago

Password saving problems

Reported by: ed Owned by: john
Priority: critical Milestone:
Component: Drupal modules & settings Keywords:
Cc: Estimated Number of Hours: 0.0
Add Hours to Ticket: Billable?: no
Total Hours:

Description

password not saving and users being repeatedly locked out. this from jim belcher:

  1. Mac OS 10.5.8
  2. Safari
  3. i have never been able to just log in without asking for a new password.
  4. Clicking the link on the email, I would get in. the system recognized me as Jim Belcher. I would change my password and save. And the next time i tried to log in, i couldn't and would go through the same routine again.

~

Jim changed to FF and still had this problem. I think there is a big password handling issue going on. See also the confirmation link not working ticket.

Change History

comment:1 Changed 6 years ago by jim

  • Status changed from new to closed
  • Resolution set to worksforme

Sounds like user/computer error - this is the first I've heard of this across dozens of Drupal installs.

Closing for now until there is corroborating evidence from another user WITH exact instructions on how to reproduce.

comment:2 Changed 6 years ago by ed

  • Status changed from closed to reopened
  • Estimated Number of Hours set to 0.0
  • Resolution worksforme deleted
  • Billable? unset

we're still getting this so i'm re-opening it and passing it over to John, what with his one time login links and bloodhound style of deep problem investigation. Another comment today:

"I have tried several times to log in to the transition site. each time I
receive a message that my password is incorrect. On requesting a new
password, I then get an e.mail with a link. When I click on the link I am
then told I'm trying to use a link that has already been used or is invalid.
How can that be when I've just received it seconds earlier."

comment:3 Changed 6 years ago by ed

  • Owner changed from jim to john
  • Status changed from reopened to assigned

comment:4 Changed 6 years ago by ed

This also is a problem for Cynthia Rabinowitz using FF - so not just an IE thing

comment:5 Changed 6 years ago by john

Ed is the user still having problems ? can you get them to forward the email with the login link ? it would be good if we could get an actual example of a login link that does not currently work

comment:6 Changed 6 years ago by ed

done - sent you the two confirmation links from Sandra Woolerton...

comment:7 Changed 6 years ago by ed

and another sent from Jeanne Mackey - in your inbox...

comment:8 Changed 6 years ago by ed

Jeanne Mackey's config is:
OS: windows xp version 2002 sp3
Browser: Internet explorer version 7

comment:9 Changed 6 years ago by john

Ed,

Have not had the chance to get into this too much. However, I want to make sure we are not maybe merging one or more issues, any of which could be simply a user error. For instance, Sandra is on user validate, Jeanne is on password reset. Trying to sort one at once..

I have checked Jeanne's user details and have semi-recreated in test. It works fine, at this stage, the only conclusion I can come to is that either she did not click the link properly or a problem is being caused specifically on ie because of the issue of unsecure items on a https connection. Incidentally I have tried it on FF an IE and it worked fine. So...can you get her to request a new password again, try it again and ensure that she does not copy and paste the link, but does click it (if she misses just 1 character of the hash when cutting it won't work and will give her the message that we see in the mail).

Other than that, I have spent an hour trying to recreate it and no joy, I don't have time right now to do anymore....

comment:10 Changed 6 years ago by ed

thanks john, bear with it - i've asked her to do exactly what you said - will keep the feedback coming.

yup - the vailidation bug (which has your name on it too) is:
https://tech.transitionnetwork.org/trac/ticket/7

comment:11 Changed 6 years ago by jim

My 2p: This (and #7) are NOT Drupal issues, it's working fine. I've never heard of a login link not working - and realistically, given what it does and how it does it, I can't see a way for it to fail at the website end and not point to other things being corrupted in the system. There is no evidence of that presently.

So I'm pretty sure this is a client-side problem, most probably caused by user's mail clients mangling the long URL link. The mail client used is the only piece of information missing from this bug report and the one that is most likely. As John says, only a single character missing/truncated off the login link would cause these failures.

Questions to ask users: what email site/software are they using? Can they forward their message to Ed? Can they send a screenshot of the link? On closer inspection is the link broken onto two lines? Can they copy/paste the link (reconnecting the pieces if required) and does it work or not? Can they try getting their mail in a different/newer/better client (Thunderbird, Gmail, Hotmail etc)?

Over and out!

comment:12 Changed 6 years ago by ed

all good points, and have duly updated my templated reply. it's definitely a problem.

comment:13 Changed 6 years ago by ed

I'm not sure this is the same as the validation bug (https://tech.transitionnetwork.org/trac/ticket/7) as the password reminder email only has one link in it (the truncated one), whereas the registration validation has two (the truncated and the full one at the bottom of the mail).

is that correct?

comment:14 Changed 6 years ago by ed

This problem continues and I'm currently getting another wave of angry mails. NO movement yet mate - please update.

Latest now from staff and board members, using XP and Vista. Requesting new password, receiving email, clicking on link, taken to access denied page. not good at all.

Note on Jims' comments earlier is: there is no second link in the password re-set link.

Text of mail here:

Catrina Pickering,

A request to reset the password for your account has been made at Transition
Network.

You may now log in to www.transitionnetwork.org by clicking on this link or
copying and pasting it in your browser:

https://www.transitionnetwork.org/user/reset/1032/1284469190/be1969f86fe...

This is a one-time login, so it can be used only once. It expires after one
day and nothing will happen if it's not used.

After logging in, you will be redirected to
https://www.transitionnetwork.org/user/1032/edit so you can change your
password.

comment:15 Changed 6 years ago by ed

  • Status changed from assigned to closed
  • Resolution set to fixed

fixed - drupal update, combined with fancy login and logintobbogan conflict in Sept sorted this out. it was to do with the cookie domains.

Note: See TracTickets for help on using tickets.