Does anyone know why this happens, and what can be done to prevent it?
Our users are getting two recovery emails with different tokens, but only when the username also happens to be the email address which is also entered in the user email address field. The first recovery email works fine; the second email will give a recovery token which produces an error
Edit1:- Correction to my earlier statement. I was using a previous password for the first recovery mail without realizing it. Setting a completely different new password results in no change (even if the "password changed" message is shown)
Edit2:- I have verified that the hash changes to the same value wether you cheange it wiith recover link or in backend. BUT: If the username is "steve.jackson", I get unknown user/password. But if I change the username so it matches the email address of the user, then this allows me to login. But then we are back to the duplicate recovery email issue. What the heck is going on here?
DW 9.17.3
Cheers
//Steve