• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use View topic Item7848 for generic doc work for TWiki-6.1.1. Use View topic Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
Does this site look broken?. Use the LitterTray web for test cases.

Item7178: After Wiki password reset you're locked on the "Password reset page"

Item Form Data

AppliesTo: Component: Priority: CurrentState: WaitingFor: TargetRelease ReleasedIn
Engine Core Normal New   n/a  

Edit Form Data

Reported By:
Applies To:
Current State:
Waiting For:
Target Release:
Released In:


Using Apache htaccess user authentication.

When a user requests a new password (twiki/bin/view/TWiki/ResetPassword) the "Must Change Password" flag will be set in the .htaccess file, but this actually blocks the "Reset Password" Page.

So, once the password is reset by twiki to something random you can login on the ResetPassword page but you can't submit the form as "mcp=1".

Whatever page you try to access, you will always be forwarded to the ResetPassword page and there is no way to leave it (other than browsing as anonymous)

$VERSION = '$Date: 2012-12-16 00:58:48 -0500 (Sun, 16 Dec 2012) $ $Rev: 24504 (2012-12-16) $ ';
$RELEASE = 'TWiki-5.1.3';

-- TWiki:Main/GeertLorang - 2013-03-08

I tried to reproduce this on TWiki-5.1.1, TWiki-5.1.4 and trunk. It works as intended on these three versions, so unfortunately I can't reproduce this. What login manager do you use? Any special password manager?

-- TWiki:Main.PeterThoeny - 2013-03-10

Just did a fresh install of "TWiki-5.1.4, Sat, 16 Feb 2013, build 25114" at home and can perfectly reproduce the issue.

Here are the settings from configure -- actually the defaults I guess, as I didn't change them:

{LoginManager} = TWiki::LoginManager::TemplateLogin

{UserMappingManager} = TWiki::Users::TWikiUserMapping

{PasswordManager} = TWiki::Users::HtPasswdUser

{Htpasswd}{Encoding} = crypt

Here is what I just did, quite straightforward but maybe it helps to reproduce.

- Install fresh copy of TWiki 5.1.4

- Create a new user as TWikiAdmin user

- Logout as TWikiAdmin

- Goto view/TWiki/ResetPassword

- Enter Username of new user

- Check data/.htpasswd : mcp-flag will be set to 1

- Login with new password - You will be redirected to the ChangePassword page

- Enter current and new password

- Click Change password

- You will be redirected again to the ChangePassword page

--> Your password is not updated (check data/.htpasswd)

I just see I reported mistake in my original post: Once "mcp" is set to 1 you will always be forwarded to the ChangePassword page instead of the ResetPassword page. Sorry for that.

Hopefully this helps.

-- TWiki:Main.GeertLorang - 2013-03-10

Summary After Wiki password reset you're locked on the "Password reset page"
ReportedBy TWiki:Main.GeertLorang
Codebase 5.1.3
SVN Range TWiki-5.1.3-trunk, Fri, 01 Mar 2013, build 25265
AppliesTo Engine
Component Core
Priority Normal
CurrentState New


TargetRelease n/a

Edit | Attach | Watch | Print version | History: r3 < r2 < r1 | Backlinks | Raw View |  Raw edit | More topic actions
Topic revision: r3 - 2013-03-10 - GeertLorang
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2023 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback