Summary: if I ask for a password reset link, then go to another browser session, and use the link, I get an uninformative error. The link does work in the same browser session as the request.
Steps to reproduce:
- Open private browser window in (in my case) Firefox
- Go to (in my case) https://learn.nipraxis.org
- Create an account (Register)
- In another browser tab - log onto mail - activate the account
- Log out
- Sign in
- I need help signing in - Forgot my password - Recover my password
- Open another browser (in my case, Safari)
- Collect link from email
- Click to get : Reset Your Nipraxis Password - Page not found.
- Clicking the same link from the original private browser window gives the expected password reset page.
I also got this effect using different private browser windows on Firefox, on an earlier test. I can’t reproduce that now, maybe because of caching.
Is this expected (that the link will only work within the same session)? Is there a way of avoiding the Page not found error, and replacing it with something more informative?