locked Re: ANOTHER DISASTER - a member reset another member's password


 

J,

The really odd thing, though, was that when *I* clicked on the link
(which I did, out of curiosity, before the other person did), and then
just exited the window without doing anything, the next time I went to
my group the system made me log in again, as if I'd logged out (I
hadn't).
That's not too odd. In order to complete the password reset the site would need to be accessing the other person's account. Which means it needed to be signed out of yours.

Look at it this way: because the email address associated with that link was not your address, and the system believed that the person clicking the link was that other person, it dared not allow that person access under your account.

So it seemed to me at that point that when I clicked on the link, it was
known which account (email address) I was coming from.
It "knew" only the address of the other person. That's who it thought you were.

-- Shal

Join main@beta.groups.io to automatically receive all group messages.