Password reset token failure

Hi,

Several patrons have called in stating that the link in the password reset email they receive sends them directly to our Events page of the website instead of to the password reset page.

It has been our assumption, up until now, that either they tried to re-use the link or had waited too long and the token expired, so this would be normal behavior. However, this theory has, at least in a few cases, been debunked.

In our most recent example, the link did not work properly for our patron when it was sent to her work email, but worked fine when sent to a personal email address. This was the case whether she requested to change her password online, or if our patron services representative sent her the email via the Tessitura client.

Has anybody seen this behavior, and/or have any ideas what could be causing it? I have tried to re-create the issue repeatedly, but it always works perfectly.

Thanks!

Jeff

  • Jeff

    Web logins are linked to email addresses.

    · Are both emails (work and personal) linked to web logins?
    · If so, are both logins of the same type?
    · Are they both active/non-temporary?

    Fernando Margueirat
    Senior Business Analyst
    The National Ballet of Canada
    470 Queens Quay West
    Toronto, Ontario
    M5V 3K4
    P: 416 345 9686 x453
    F: 416 345 8323

    http://national.ballet.ca

  • Hi Fernando,

    Thanks for your reply!

    Yes, both emails are linked to logins, and both are Customer logins. The one that did not work properly is marked as Temporary. Does the fact that it is Temporary make the reset not work?

    Thanks,

    Jeff

  • Hi Jeff,

    Is it possible that the login, which was marked as Temporary, is a remnant from the olden days, when a temporary login could be assigned in the client?  If so, try deleting it and ask the patron to recreate the account.

    Hope this helps!

    Ahmet Unal, IS Manager, University of Missouri - St. Louis/Touhill PAC

  • Hi Ahmet,

    Thank you for the input. Unfortunately it does not appear that this is the case. More and more I suspect that there are external matters at play here that are blocking or corrupting the token.

    Thanks,

    Jeff

  • Is it possible that the link is being followed by a spam/virus scan tool which is following the links? I have seen this a lot (easiest way to check is open the promotions of the user... if every email has been clicked through it should be pretty obvious there's a bot at play)

    It may be beneficial to add a "Login to my account and reset my password" button or other human verification step (captcha?) so the tokens aren't used up by a bot.
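
The last reply's suggestion, sketched as an added example that is not part of the thread and not Tessitura code: following the emailed link (GET) only shows the reset form, and the token is spent only when the form is submitted (POST), so a mail scanner that prefetches links cannot use it up. The class, method names, return strings and address are hypothetical, and `consume_on_get=True` models the fragile flow for comparison.

```python
import hashlib
import secrets
import time

class ResetTokens:
    """Hypothetical one-time reset token store (not the vendor's code)."""

    def __init__(self, ttl_seconds=3600, consume_on_get=False):
        self.ttl = ttl_seconds
        self.consume_on_get = consume_on_get  # True models the fragile flow
        self._live = {}  # sha256(token) -> (login, expiry); raw token never stored

    @staticmethod
    def _key(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, login):
        token = secrets.token_urlsafe(32)
        self._live[self._key(token)] = (login, time.time() + self.ttl)
        return token

    def _lookup(self, token, consume):
        key = self._key(token)
        entry = self._live.get(key)
        if entry is None or entry[1] < time.time():
            self._live.pop(key, None)  # unknown, already spent, or expired
            return None
        if consume:
            del self._live[key]
        return entry[0]

    def handle_get(self, token):
        """Link followed, by a person or a scanner: show the reset form."""
        login = self._lookup(token, consume=self.consume_on_get)
        return "reset_form" if login else "redirect_home"

    def handle_post(self, token, new_password):
        """Form submitted: the only step that should spend the token."""
        login = self._lookup(token, consume=True)
        # A real handler would set new_password for `login` here.
        return ("password_changed", login) if login else ("redirect_home", None)


def simulate(consume_on_get):
    """Scanner prefetches the link, then the patron clicks and submits."""
    store = ResetTokens(consume_on_get=consume_on_get)
    token = store.issue("patron@example.org")  # constructed address
    scanner = store.handle_get(token)          # mail gateway follows the link
    patron = store.handle_get(token)           # patron clicks afterwards
    return scanner, patron, store.handle_post(token, "constructed-password")[0]
```

With `simulate(True)` the patron lands on the fallback page, matching the symptom reported in the thread; with `simulate(False)` the scanner's visit is harmless and the patron's submission succeeds.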