mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 12:05:37 +00:00
ab52b677aa
At the moment, if a user is logged in on a device (say, their phone) but has forgotten their password. If they attempt to reset their password on their desktop, then open the email on their phone they then see the reset password form *with* the CurrentPassword field. I'm not entirely sure what happens if a DIFFERENT user is currently logged in, but I think they remain logged in and you're effectively trying to change their password. Both scenarios are not ideal and (in fact) this happens a lot in the real world as it's a legitimate complaint we're receiving from a visitors of one of our client's websites.