Since 5.2.3, setting a user to "Require Password Reset" creates perpetual redirects

[andreamhill]

1. Set a user to require a password reset upon next login
2. Have that user try to log in to the back end administration
3. Once they have entered their credentials, they will get an error like "Err_too_many_redirects" (verbiage changes depending on browser).

It took us 24 hours to figure out what was causing this issue. We checked everything from cache to .htaccess to DNS zone file settings, every possible extension conflict, and browsers including Chrome, Edge, Firefox, Opera, and Safari.

Ultimately, the solution to the redirect problem was to turn off the requirement to reset password on next login!

System information (as much as possible)

Joomla version 5.2.3

[Hackwar]

As was already described in #44821, this is a known issue in 5.2.3 and will be fixed in 5.2.4. If you need the fix earlier, feel free to apply the changes from #44723 in your installation now. Otherwise you will have to wait until February 18th for the release of 5.2.4.

[andreamhill]

So sorry - I dug through issues first but just didn't see it, and wanted to make sure it was reported in case people were still trying to figure it out. Thank you! Andrea

…

On Wed, Feb 5, 2025 at 9:02 AM Hannes Papenberg ***@***.***> wrote: As was already described in #44821 <#44821>, this is a known issue in 5.2.3 and will be fixed in 5.2.4. If you need the fix earlier, feel free to apply the changes from #44723 <#44723> in your installation now. Otherwise you will have to wait until February 18th for the release of 5.2.4. — Reply to this email directly, view it on GitHub <#44823 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ADRMQ5WBRST327JMPXZ6BCT2OIRY3AVCNFSM6AAAAABWRI6BY2VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDMMZXGEYTCOJRGA> . You are receiving this because you authored the thread.Message ID: ***@***.***>