solidus_devise: Some customers cannot reset password, token expired.

[keferboeck]

Some customers cannot reset their password, they are getting the token expired error message. (The majority can)

However, they just reseted their passwords, and clicked the correct link in the email.

We did lots of troubleshooting, and we tried various things:

• Setting expire date of token.
• Setting the correct time zone (UTC)
• Deleting tokens, and reset token sent date/time
• Asking customers to clear all cookies and cache, etc.
• Reassuring there are no network issues (VPN, Blockers, etc.)

It turns out for customers where it didn't work, at some point it started working and for others it started failing.

It is impossible for me to reproduce the issue on local, and it never happened on my machine.

If we can't reproduced, is there a way (i.e.: daily clear all reset password tokens, etc.) to reduce the risk.

Since we have a locality programme, and users can't sign in because they can't reset the password, we've been losing a fair share of business over the past 2 months. Any help would be much appreciated!

Thank you!

[jarednorman]

solidus_auth_devise doesn't make any real modifications to the password functionality that ships with Devise, so if you're having issues with that functionality, you might seek guidance from them. I've never heard of anyone having issues like you're describing.