Magento Password Reset Link

0
votes

We run a multi-store/view magento site. Let's say our site is called www.domain.com (running the "retail" store) and another url trade.domain.com running the "trade" store

When a customer requests a password reset from trade.domain.com, they get a password reset link like this: http://trade.domain.com/customer/account/resetpassword/?id=12&token=84fb6f65548995191e526b815982bf23

Clicking this link re-directs to login page with the error Your password reset link has expired..

However, if you replace the "trade" from the domain with "www" like this: http://www.domain.com/customer/account/resetpassword/?id=12&token=84fb6f65548995191e526b815982bf23

The password reset appears to be working correctly.

Any idea why this is happening? Have I configured the magento incorrectly? Is this a known bug?

3
magento
which one you think is correct trade.domain.com or domain.com? - Yogus
Both are correct. domain.com is running the "Retail Store View" and trade.domain.com is running the "Trade Store View" - Latheesan
The sub domains acts as two different domains . Have you installed two seperate magento for Retail and trade - Yogus
No, I have not installed two magento. It's a single install with multi-store/view setup. We use nginx as the web server. On the vhost entry, we have a config for both domain. Each domain runs their respective store view code. - Latheesan
Are they using different databases? Sounds to me like trade.domain.com is looking for the token parameter in its own DB, and doesn’t find it – because it has been written into the DB domain.com is using … - CBroe

3 Answers

0
votes

Customers are shared either per website, either across all websites, so at least, a customer account is usable on all of the store views that a website contains. Consequently, it is normal that the password reset link works for your store views.

In fact, if you would like to separate the customer accounts between your store views, you would have to create separate websites that would not share customers.

0
votes

Is that subdomain password protected? That could be a problem or if subdomain is set up with a password protected extension, they won't be able to access example.com/customer/account/changeforgotten/ without already being logged in. So you'll have to allow them access to that url first otherwise it'll keep redirecting. I had the same problem.

0
votes

Check the cookie domain for the website trade.domain.com. In Magento 1 it's in System->Configuration->Web->Session Cookie Management. (Making sure that you change the scope in the top left to the Website you want to update it for.

I have a store that has multiple websites, each with their own view and does not share accounts across websites, and had the same problem. Changing the cookie path fixed it for me.