Password reset loop

Hello world :slight_smile:
I am the webmaster for the site of a friend. He chose ‘TheShop’ as a theme for a webshop (WooCommerce powered).

We both have been extremely happy with the results and functionality of the theme so far, but we bumped into a weird quirk recently.
When a user clicks the ‘I forgot my password’ button, an email is automatically sent to that user’s emailaddress. That email contains a ‘password reset link’, like this one:
https://redacted.something/mijn-account/lost-password/?key=PKP14Y8oliubrFfHDyxN&id=10

So far so good.

BUT: when the user clicks the link, he gets sent to the exact same page as before (the ‘I forgot my password’-page). And so a user is effectively stuck in a “password reset loop” :pensive:

Things I’ve tried so far:

  • contacted our webhost to make sure they disabled server-side caching (found this as a possible solution on the WooCommerce-forums)
  • disabled all the WordPress-plugins (except the core WooCommerce one, otherwise the ‘I forgot my password’-button is not displayed; it’s part of their functionality)
  • contacted WooCommerce to tell them about the issue and this was their answer:

"As a test, I went on https://www.redacted.something/mijn-account/lost-password/ and created an account with wootest@monumentmail.com .

I then tried to reset the password. I can reproduce the error you stated, where the “lost password” form is displayed again. I’m suspecting there might be a theme conflict in this case.
I would recommend temporarily switching your theme back to the Storefront or Twenty Nineteen Theme. We do highly recommend a staging site for these tests so that your Live site is unaffected. A staging site is a clone or copy of the Live site, used for testing. You can reach out to your Host if you need to have a staging site set up, as they usually can assist you with this.

So I am running out of options, sadly. Is there anything that TheShop can block / cache / alter … ? Is there a setting or a line of code I need to change to make the reset-links work ?

Thanks in advance for your time & consideration !

Greetings from Belgium :blush:

Hello there,

Thank you for contacting us.

I hope you’re doing well today.

Password reset is not part the theme’s code as theme only add styles and some extra HTML on appearance side of thing.

Your issue must be cause by third party script. To verify this, please try temporarily enable one of default WordPress themes like Twenty Twenty and run your test with the same. Let me know your views.

Stay safe.
Have an excellent day :slight_smile:

Regards,
Kharis
aThemes Support

Thank you, @kharisblank for trying to help out :smile:

I performed a test like you suggested (with the TwentyTwenty theme) and I still keep ending up at the same “lost password”-page.

So you were right: this is not related to TheShop.

Any idea how I should proceed to debug this further ?

Hello there,

Thank you for getting back and updating me. I really appreciate it.

I request you to disable all plugins at once except WooCommerce. Then have a check to see whether the issue remains or not. If not, the issue should be with one of your plugins. Re-enable them by one and test on each to find out the culprit.

Stay safe.
Have an excellent day :slight_smile:

Regards,
Kharis
aThemes Support

Hi there @kharisblank

I tried what you suggested: disabled all plugins and retested. Problem persists :frowning:

Anything else I can try ?

Thanks again for your consideration !

Hello there,

Thank you for getting back.

Please try switching the theme temporarily to the one of default WordPress themes like Twenty Twety and have a check with this same. This procedure will help rule-out any specific issue with Theshop theme.

Stay safe.
Have an excellent day :slight_smile:

Regards,
Kharis
aThemes Support

Thanks again @kharisblank for being persistent :muscle:t3:

I gave your suggestion a try, but results remain the same.

Time for me to try the WooCommerce forums ?

Hello there,

Thank you for updating me.

Yes, the issue may be with your WooCommerce. For that case, I strongly recommend you contact the WooCommerce support.

Stay safe.
Have an excellent day :slight_smile:

Regards,
Kharis
aThemes Support