I have noticed that every web site has the exact same behavior for their passwor

Question

I have noticed that every web site has the exact same behavior for their password reset pages. They send a link to your email using which you can reach the password reset page. On that page you enter the new password. So far so good. But at this point, they always prompt me to log in again. Why? I just entered my password twice along with my login (email - of course this is done implicitly via the link). So why prompt me to log in again? Is there a security reason for this that I am not seeing? Or is it just an old practice that seems to linger?

Explanation / Answer

There is no reason this cannot be done technically, and I see the occasional site doing it. But it would require extra code to be built, so it's cheaper to let you handle the login ;-)

The same thing happens with the confirmation link when registering: in most cases you still have to log in (but in this case there are relatively more sites that auto-login, in my experience).