I've gotten a few e-mails from people who could not successfully reset their passwords. It goes somewhat like this:
* user fills in a password reset form
* user receives an e-mail with a special link to a page that enables him to change the password
* on that page, user sets the new page. He is automatically logged in (it's a feature)
* unfortunately, user is unable to log in with this password when he comes back later.
* user resets the password again (and again for every visit)
I don't have this problem myself - I reset the password with any problems.
I've been contacted by 4 people with this problem, all within the last 2 months, so it's not a coincidence. First two cases ended with me changing the password for those users and not really getting any new knowledge. In the latter two cases I replied to users asking for more details and didn't get anything back.
I have not changed any relevant parts of the codebase (logging in, resetting the password) in almost a year. The database is not corrupted.
There's clearly something wrong and I can't find out on my own. Do any of you suffer from this problem? If not, could you please try changing the password, log out and then try logging in?