Password Reset Name Value Error

Rudigo
Mon, 03/30/2020 - 22:58
Forums
Support
Hello, I recently upgraded to the latest Opigno and Drupal core per security instructions. I have discovered an odd error. 1. When visiting the homepage as an anonymous user, if you enter an incorrect username/password you are shown the Drupal Alert to "Forgot your Password?" 2. This passes the variable ":password" in the url to the Password reset page. That should mean that whatever username you have entered is set as the "name=" value in the username reset field. 3. However, if you open a new session and repeat this process with a completely different user account, it still shows the first username in the field. 4. ex: I enter username: foo > incorrect password > click forgot password link > url name=foo > it says "foo" in the username field to reset password Now I open an incognito window: enter username: bar > incorrect password > click forgot password link > url name=bar > it says "foo" in the username field to reset password. This is on the anonymous homepage with slider. Has anyone else experienced this?
admin
Tue, 03/31/2020 - 12:05

Hi Rodrigo,

Hi Rodrigo, We cannot replicate this issue. Maybe its a setting on your browser? Best regards
Rudigo
Tue, 04/07/2020 - 21:10

Culprit Found

I did a lot of testing and have actually found the culprit is: Internal Dynamic Page Cache - dynamic_page_cache when that core module is activated, for some reason in conjunction with the Opigno user login sidebar, when a user hits "Forgot Password" on a failed login attempt. It loads the last user's information to hit that link. Disabling the Internal Dynamic Page Cache fixed it for me in case anyone else ever stumbles across this.