Since mid November (~Nov. 19), we’ve received an increasing number of users contacting our customer service team to report that they are stuck in an infinite loop of password reset. They attempt to log in, fail, click password reset, are sent the email, and the auto-generated link sent in that email takes them to the /account/invalid_token page instead of the correct password-reset tokenized page. So they click password reset once more, get a second email, and are again redirected to /account/invalid_token. They are not able to get to the password reset form (only one user was able to complete her password reset, and that was when she switched from mobile to desktop).
I have not been able to recreate the bug on any of my devices, but it has become such a common occurrence that it is affecting us tremendously.
The steps I’ve already taken in an attempt to solve this issue are:
- Contacted Shopify support multiple times (their advice is to tell our users to clear their cache, which is not a feasible solution for most of our clientele)
- Reverted to Default the Customer Account Password Reset email notification
- Updated our reset_password.liquid to the newest version of password reset liquid code that Shopify suggests in their documentation.
There has been no evidence that any of these actions have helped the situation, and the inability to recreate it is making this very hard to debug. Has anyone dealt with something similar and come up with a solution?
Thank you!
