Customer Portal

Get Involved. Join the Conversation.

Topic

    Scott Heidenreich
    Password Reset link in email expiring immediately
    Topic posted November 7, 2019 by Scott HeidenreichBronze Trophy: 5,000+ Points 
    24 Views, 8 Comments
    Title:
    Password Reset link in email expiring immediately
    Summary:
    A customer is not able to reset password because link is expired immediately
    Content:

    Hello,

    I have a customer contact who is gettting the reset password from the system as expected from the customer portal. However, when she clicks the link to reset her password, she gets the "link has expired" message, even though she clicks the link immediately upon receipt.  I cannot reproduce this issue with my own account neither can others at my agency.  Any ideas what may be happening on her end that is causing this?

    She claims to have dumped browser cache and cookies.

    Thanks

    Scott

    Version:
    19B

    Comment

     

    • Colby Ross

      I have assumed that you have check this settings to make sure she is meeting the criteria:

      SEC_EU_EMAIL_LINK_EXPIRE

      CP_FORCE_PASSWORDS_OVER_HTTPS

      Additionally, is your CP using and PTA or SSO that could be causing an expire issue?

    • Scott Heidenreich

      It is only happening to her - other users have not trouble with the password reset link.

    • Scott Heidenreich

      link expire on our site is 24 hours

      force HTTPS = Yes.

    • Scott Heidenreich

      Not using PTA or SSO - just straight login php pages from the customer portal link

    • Colby Ross

      And her contact record is not disabled? 

      Do you have a image showing the message she is getting?

    • Scott Heidenreich

      It isn't disabled. Her email is working. She is receiving the email from the reset link and from the agent's press of the reset password button for her contact account. Screen shot is attached.

       

    • Colby Ross

      I am pretty stumped as to what the issue might be. Is she using a specific email client that is different from what your agents are using, and has she tried it on other browsers?

      You may have done these, but my next steps would be:

      1. I'd have her try opening the link in a different browser to see if the result is the same. If it is, I'd move to step 2.

      2. I would see if the customer has another email address that you could use that uses a different client. Then I would update the contact record in OSvC and send her a new password reset link. If she gets the link to the address and tried two different browsers again and 'no dice', it would have to be something probably with her computer set up which would be hard to narrow down.

      3. If all else fails, to get her logged in, you may want to update her contact record to your email address, send the password link to your email address. Then give her a call and change the password while she is on the phone so you can give it to her. Then she could login to the customer portal that way, and go to her Account Settings page and reset the password without having to use a link. This does not solve the primary issue, but it would get her into her account and moving in the right direction. 

      Ultimately, I think her email client or browser is somehow reading the initial click to the reset link page as an action already completed, or the browser is reloading the link page after a click and then it is recording that action thus making the link expired because it was already clicked, but the page just reloaded. Harder to prove that one out without the customer getting really involved in the troubleshooting. 

      • Scott Heidenreich

        Ok. Thank you.  We tried all of that, except changing her email address to one we can access.  Typically not something we like to do, as it is a significant security risk if the person on the phone isn't really the contact and is trying to spoof us into giving up the account to a hacker.