So we’re having an issue where a user has recently (i.e. a few days ago) reset their password, which is on a 90-day expiration, but when they log in, they’re still getting the “Your password has expired” error. But there are a few surrounding details at play here that I’m hoping will help someone help us solve this problem.
1. We have multiple users using the same machine. So multiple users are using the same machine and browser to log in, and not all of them have reset their passwords even though they’re past the 90-day expiration. Said expired users should get an email to reset their password, but some of them just see the reset password page and then give up.

2. A user who has done their due diligence and reset their password later tries to log in using the same machine, but when they try to log in - i.e. enter their email address in the Auth0 login screen (using the Identifier First authentication profile) - they get rerouted to our site’s password reset page, which only happens if Auth0 returns with the “password has expired” error.

3. We did a screenshare with one of the users in #2. I noticed that in the logs, when this user tried to log in and got redirected to the password reset page (despite having reset her password the other day), the Auth0 logs depicting these events were actually all for a different user, one who had yet to reset their password. So we think it has to be some sort of caching issue where a previous user’s session is still in the local storage or cookies.

4. When this user tried logging in using Incognito mode, everything worked fine. So of course it seems to be a caching issue. But when we asked the user to clear her cache (and watched her do it over screenshare) and try again, she was still experiencing the issue.

Any ideas?