When in the reset password flow edge cases, I’ve customised the Redirect To URL in the Change Password template for it to be redirected to a custom error page to deal with the different scenarios.
This has covered the following cases:
- When user has already used the link to reset their password successfully - you cannot use it more than once → Redirects to Redirect URL configured
- When URL expires due to custom set lifetime → Redirects to Redirect URL configured
Edge case scenario NOT covered:
- When user sends multiple reset password emails to the same email - old ones still redirect to this “Authentication Error Access expired” screen because only the last email sent is valid. They are treated in a different way somehow.
How could I make that case behave like the top ones? It needs to be consistent - otherwise user is left hanging in that screen.
Thank you.