After a failed CAPTCHA forgot password submission, the 'Text verification failed' alert persists after refreshing the page


  • The screen name/email address field value is not removed from the page after refreshing the page after an invalid 'forgot password' CAPTCHA attempt, and the 'Text verification failed' alert persists.

  • Steps to Reproduce
    1. Start Liferay 7.2
    2. Click on the login link, then select 'Forgot Password'
    3. Type in something for the screen name/email address, along with an invalid CAPTCHA, then click Next
    4. After receiving the failed submission message, manually delete the user credentials (optional: clear browser cache first), then refresh the page
    Expected Result: This should be reverted to a pre-submission state, with no alert on the page and no user input in the first credentials field
    Actual Result: The alert remains on the page along with the email address/username originally typed by the user.


  • Liferay DXP 7.2


  • The observed behavior is the intended behavior of the portal, as refreshing a page with form submission (in this case, the user-provided content within the username/email field and the CAPTCHA field, which is why the fields are not cleared). The CAPTCHA is tested (and fails) again when the form is resubmitted, which is why the alert remains.

  • This is reflected in the browser's 'Confirm Form Resubmission' popup, which shows when trying to refresh the page and notifies that returning to this page will result in the activity being repeated.

  • Users can avoid this by selecting the back button icon next to 'Forgot Password' while using the uncustomized forgot password portlet, or by using their browser's back button.

Additional Information

  • Screen recording of the reported behavior of the portal.
¿Fue útil este artículo?
Usuarios a los que les pareció útil: 0 de 0