WooCommerce Password Reset Loop Issue

A client of ours had complaints that customers were trying to reset their password, but when they received an email to change the password, they kept getting sent back to the password reset page :/ Customers got stuck in a password reset loop and couldn’t change their password. Nightmare ūüôĀ

WooCommerce Password Reset Loop

Spoiler alert: Sendgrid causes the issue.

The Cause of the WooCommerce Password Reset Loop Problem

The problem was, the link in the email which sends you to reset password page, was wrong. This wasn’t a WooCommerce issue, as the link being produced was correct. The issue was caused by Sendgrid.

SendGrid is a transactional email tool, when in use it saves your server from sending emails, instead the emails are sent viaSendGrid. It’s a great service because you can track all outgoing emails.

However, if you’re using SendGrid to process emails from WooCommerce and have click tracking enabled, dynamic links, such as the password reset link may break.

Sendgrid uses a URL sanitizer that changes the link, so a part of the URL that read “&login” was changed to “&login“.

Example:

This is URL is the correct format:
https://www.yourwebsite.co.uk/my-account/lost-password/?key=Dk3aZf7cRowTLlCMivhj&login=username

This is URL is the wrong format:
https://www.yourwebsite.co.uk/my-account/lost-password/?key=Dk3aZf7cRowTLlCMivhj&login=username

Did you spot the difference? The problem was with the ampersand “&”.

When “&login” changes to “&login” this changes the link and creates an issue in WooCommerce. The password reset form looks for 2 things: The ‘key‘ and the ‘login‘. If they’re not present, it won’t show the password reset form, just the standard “Please enter your username or email address.” form.

This then feels like a redirect loop, because you should be sent to the ‘change your password page’, but you just keep getting sent back to the ‘password reset’ page.

All because of a malformed URL created by Sendgrid’s email setup.

Fix the WooCommerce Password Reset Loop

To fix the WooCommerce Password Reset issue, all you need to do is:

  • Log into your SendGrid account
  • Navigate to Settings > Tracking
  • Find ‘Click Tracking’ and then hit Edit on the right side of the screen
  • Switch off ‘Click Tracking’
  • Uncheck the box for Enable click tracking in plain text emails
  • It should look like this:

Thanks to souverian for sharing the issue on WordPress Stackexchange

Also, big thanks to Easy Digital Downloads for instructions on how to turn off Click Tracking in Sendgrid.