"Confirm Resubmission" Error when Navigating between Password Reset Pages After Resending Email

Overview

This article explains why an error occurs during form resubmission when clicking the back button after requesting to resend a password reset email.

  • The expected behavior is that after resending the password reset email and clicking back, they should be sent back to either the original password reset screen or the login page.

Applies To

  • Resending password reset email

Solution

This is a common implementation of many web apps and occurs when navigating to a page that requires context from a previous form submission but essentially loses that context.

  • This happens when the user refreshes the page or presses the back button, so the browser attempts to re-send the form data. To prevent unintended duplicate submissions, some browsers or application implementations display the “Confirm Form Resubmission” warning instead of resending the request automatically
  • Between the steps to confirm the email to reset the password and being sent to the page where Auth0 instructs to check email, there is a POST request that happens to let the server know where to send the password reset.
  • The screen that indicates the email has been sent depends on a POST request of the data submitted from the previous screen.
  • When selecting Resend Email, Auth0 dumps the previous transaction and starts a new one. When navigating back to the resend email screen, the page rendering should depend on the POST data from the previous transaction, but it loses that transaction because there is a new one. The error appears because it depended on the first time the email request was presented.