Can't log in with the 'Reset Password' password.

I have 2, maybe 3, users now that are not able to select the 'lost password' option, create a new password, and then login with that password. I have created an account and followed these same steps and got the same results- could not log in.

Support access is open.

Thank you!

  • Predrag Dubajic

    Hey Ryan,

    Hope you're doing well today :slight_smile:

    I just tested this on your site by going to login link in menu, did a password reset from there and after completing the process from email link I was able to login with my new password.

    Can you give me some more info about what exactly happens, do you see any messages, did you try with different browsers?

    Are there any specific steps I could follow to replicate this?

    Best regards,
    Predrag

  • Ryan

    Well...

    Would you believe me if I said it works every other time... literally. I also get an error occasionally at login, "must enable cookies", I had modified wp-config.php last night which seemed to work, but then today, I was locked out altogether with a message "This has been disabled", so I reverted my changes to get back in. Some of my users are getting the cookie issue also. I think these login issues may be related.

    I think you are testing it correctly- to get, or not to get, the error.

  • Predrag Dubajic

    Hi Ryan,

    Would you believe me if I said it works every other time... literally.

    With all the weird problems I saw while working as support agent I have no issues believing this :slight_smile:

    So if I understand correctly, password change will work sometimes and other times it doesn't, regardless if the same user is in question?

    I had modified wp-config.php last night which seemed to work, but then today, I was locked out altogether with a message "This has been disabled", so I reverted my changes to get back in.

    What did you add in wp-config.php exactly?
    Before you reverted back did the password change work properly?

    Some of my users are getting the cookie issue also. I think these login issues may be related.

    Is this happening after changing the password as well or it happens to users that didn't change password as well?

    Have you tried disabling your plugins and switching to default theme to see if any of those are causing these issues for you?

    Sorry for all the questions, I'm trying to understand this as much as I can and hopefully replicate the issue in order to debug it further properly.

    Best regards,
    Predrag

  • Ryan

    1 - For the record, all the users were just loaded, so everyone in the school is new to this site. So the site has been tested by me but untested by the masses. And here we are.

    The password change took effect pretty immediately for me at first, so I assumed that this was standard. Later, I noticed that a password change did not seem to take effect immediately. The old 'forgotten' password would still work and the new one did not. After an unknown amount of time, maybe an hour, the new password would take effect. I have asked for all my users experiencing this problem to try their latest password again, or reset again and wait. We'll see what everyone says. I think this caused the appearance that it works sometimes and not others.

    2 - I was also getting a cookies required issue from some users that assured me that their cookies were enabled and had tried multiple browsers- others were getting on though. My new php-config seemed to fix the cookies issue from what I could tell, and because of the timing, I thought had solved my password reset issue as well- so I thought they must have been related, but maybe not... Those with the 'cookie' issues are not necessarily the same users with the 'reset password' problems.

    New:

    //https://gist.github.com/MikeNGarrett/e20d77ca8ba4ae62adf5
    //define('COOKIE_DOMAIN', $_SERVER['HTTP_HOST'] );
    define('COOKIE_DOMAIN', '.illumination.education' ); // Domain and all subdomains
    define( 'COOKIEPATH', $_SERVER['HTTP_HOST'] . '/' ); // You should set this explicitely.
    define( 'SITECOOKIEPATH', $_SERVER['HTTP_HOST'] . '/' ); // You should set this explicitely.
    define( 'ADMIN_COOKIE_PATH', SITECOOKIEPATH . 'wp-admin' );
    define( 'PLUGINS_COOKIE_PATH', preg_replace( '|https?://[^/]+|i', '', WP_PLUGIN_URL ) );
    /* That's all, stop editing! Happy blogging. */

    Previous and Current:

    define('ADMIN_COOKIE_PATH', '/');
    define('COOKIE_DOMAIN', ''); //Reset at the bottom-RR
    define('COOKIEPATH', '');
    define('SITECOOKIEPATH', '');
    <<<other stuff>>>
    define('COOKIE_DOMAIN', $_SERVER['HTTP_HOST'] );
    /* That's all, stop editing! Happy blogging. */

    Something in the first set fixed the cookies, but something in the first set also disabled the sites ability to turn "Login" to "Logout". (I use plugin "Login Logout Menu".) So, being stuck in "Login", I manually added a Logout so I could keep testing. But then, I was not able to Login back in again (error message-previous post) and had to undo my php-config.

    Maybe you have a recommendation for what to try next there. I have not gone through disabling plugins yet- still hoping to fix through php-config. I also use Upfront. I do not have a good feeling about switching to another theme and back.

    So, that's where I'm at. Still testing. Any advice is appreciated. Thank you very much for the questions and thinking it through with me...

  • Adam Czajczyk

    Hello Ryan,

    I noticed that the support access to your site is not active so would you mind enabling it so I could take a look inside?

    Also, could you please:
    - clear and disable any cache that you might have on site just for testing?
    - disable temporarily (again, just for testing) any security plugins that you might have?

    I'm wondering if that would change anything (we could then "dig deeper"). Let me know if those two actions took any effect on the issue and when the support access is enabled, please.

    Kind regards,
    Adam

    • Ryan

      Hi Adam,

      I closed this ticket as resolved because I still have so much testing that I can do independently at this point before calling in the big dogs! If you have any advice (or links) on good php configuration for cookies though, I'll go ahead and take it! I'll open a new thread for any further questions to stay on the question topic. My digression.

      On the bright side, one of my users let me know that they have successfully changed their password. I haven't heard back from anyone else about passwords or not being able to get in because of cookies. So no news is good news I guess... The only thing that is technically different now is that the Defender Login Protection is disabled- and I'm exhausted! :slight_smile:

      Thanks for your help!

  • Adam Czajczyk

    Hi Ryan!

    Like you said, no news might be good news here, indeed. The "Login Protection" might also be a worth checking closer but I understand your point on this so let's just see if the issue is away for good or if it comes back and if it does, we'll investigate it further/again.

    On the other hand though, I'm thinking that it might be good to take a look at IP Lockouts logs - if you can identify IPs of those users that experienced issues you might be able to correlate them with log entries. Audit logging, if it was enabled, might be worth checking too.

    Best regards,
    Adam

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.