Loading

Experience Cloud: Why the Password Reset Link Redirects Back to Login or Forgot Password Page

Julkaisupäivä: May 25, 2026
Kuvaus

Steps to Reproduce

  1. Navigate to the Forgot Password page of the Experience Cloud site.
  2. Enter your username and click "Reset Password".
  3. You will receive an email with a password reset link. Click the link to open the ForgotPasswordInterstitial page.
  4. On the ForgotPasswordInterstitial page, click "Reset Password". You will be redirected to the Change Password page.
  5. Close the Change Password page without resetting the password.
  6. Return to the same password reset email and click the reset link again.
  7. You'll be redirected once more to the ForgotPasswordInterstitial page. Click "Reset Password" again.
  8. This time, you'll be redirected either to the Forgot Password page or the Login page, depending on session and security settings.
Ratkaisu

This behavior is by design in Experience Cloud. When a user opens the Change Password page via a password reset link, the one-time token associated with that link is consumed — even if the user does not complete the password reset. Clicking the same link again will redirect the user to the Forgot Password or Login page.
Once the Change Password page is accessed (even if not submitted), the token associated with that link becomes invalid for subsequent reset attempts.
In a previous release, Salesforce introduced the ForgotPasswordInterstitial page between the password reset link and the Change Password page. The password reset link remains valid until the user clicks Reset Password on the ForgotPasswordInterstitial confirmation page, or until it expires after 24 hours. This setting helps prevent users and email security scanning tools from accidentally invalidating the password reset link.

Knowledge-artikkelin numero

004980183

 
Ladataan
Salesforce Help | Article