We are running Nop version 3.6. We have been getting reports of some of our customers having difficulty using the Password Recovery. When this happens, they get the message "Wrong password recovery token."
I tested the Password Recovery on several of our stores with a few different email addresses and was unable to reproduce the issue. However, a couple of our sales people have been able to reproduce the issue and I have been sent screenshots of it.
At first, I thought it might be happening because of a time limit for how long the recovery link is valid, but I checked the setting for "customersettings.passwordrecoverylinkdaysvalid" and it is set to 7 days.
Does anyone know why this would be happening on occasion?
No, as I stated above, I did numerous password resets and could not reproduce the issue. A couple of our people were able to reproduce it, but I'm sure what they did that was any different from what I was trying. So, it seems to be a bit of a mystery.
Try to ask the users who received this error so that they describe all of the steps that led to the error. Unfortunately, without additional information we can't help you.
Having the same issue. A customer tried resetting their password but got a "Wrong password recovery token" message. I could not recreate the issue. The customer tried again an hour or so later and was able to reset their password. My site is built using Nop version 4.2.
1. Register as a new user and activate the account.
2. Logout and click on "Lost Password" link to get the email to reset. (No1)
3. Few minutes later, click on "Lost Password" link again to get the email to reset (No2)
4. Check your inbox where you should receive 2 x emails to reset your password.
5. Open the oldest email (no1) and click on the link to reset your password.
6. Get the "Wrong password recovery token" error.
In summary, customers are making multiple password recovery requests but not clicking on the link from the very last email they received. Each recovery request has its own token despite being for the same customer/email.
What can be done? A setting can be implemented so that system will not send a second lost password email to same email address at any given period, for example 5min, 15min, 30min, 1hr etc.
RE: "...system will not send a second lost password email to same email address at any given period..." Maybe. But it may be better to just "educate" the customer. I.e., edit the string resource account.passwordrecovery.tooltip and explain that email can take a while, and to check the junk mail folder, and not to click again for a while.
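The sequence reported above (two recovery emails, oldest link clicked) and the proposed resend cooldown, as an added Python model that is not nopCommerce code and not part of the original thread. It assumes one stored token per customer that each new request overwrites, which matches the behaviour described; `RecoveryStore`, `replay_thread_scenario`, the sample address and the timings are hypothetical.

```python
import hmac
import secrets

DAY = 86400  # seconds


class RecoveryStore:
    """Simplified model (assumption): one recovery token stored per customer."""

    def __init__(self, cooldown_seconds=0, days_valid=7):
        self.cooldown = cooldown_seconds  # 0 = always issue a new token
        self.days_valid = days_valid      # mirrors the 7-day link validity setting
        self._tokens = {}                 # email -> (token, issued_at)

    def request_reset(self, email, now):
        """Return a new token, or None when a recent one already exists."""
        current = self._tokens.get(email)
        if current and self.cooldown and now - current[1] < self.cooldown:
            return None  # no second email, so the first link stays usable
        token = secrets.token_urlsafe(16)
        self._tokens[email] = (token, now)  # overwrites any earlier token
        return token

    def validate(self, email, token, now):
        """True only for the currently stored, unexpired token."""
        current = self._tokens.get(email)
        if current is None or now - current[1] > self.days_valid * DAY:
            return False
        return hmac.compare_digest(current[0], token)


def replay_thread_scenario(cooldown_seconds):
    """Two requests three minutes apart, then both links are tried."""
    store = RecoveryStore(cooldown_seconds)
    email = "customer@example.test"  # constructed sample address
    first = store.request_reset(email, now=0)
    second = store.request_reset(email, now=180)
    return {
        "second_email_sent": second is not None,
        "oldest_link_valid": store.validate(email, first, now=240),
        "newest_link_valid": second is not None
        and store.validate(email, second, now=240),
    }


if __name__ == "__main__":
    print("no cooldown:   ", replay_thread_scenario(0))
    print("5 min cooldown:", replay_thread_scenario(300))
```

Without a cooldown the oldest link fails well inside the 7-day validity window, which is why the expiry setting did not explain the reports.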
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.