Hello,
We are experiencing a recurring issue affecting multiple clients across our two systems:
Observed behaviour:
-
Client receives password reset link (remind_link).
-
Link opens correctly.
-
Password creation page loads without issue.
-
After entering a valid password and clicking “Save new password”, an error appears.
-
The password is not saved.
Important clarifications:
-
This is NOT a browser issue.
-
It occurs across Safari and Chrome.
-
It occurs on iPhone and PC.
-
It occurs on WiFi and 4G.
-
It occurs with Gmail, Protonmail, Yahoo, Me and Hotmail.
-
Client merges have already been completed.
-
The issue does NOT happen consistently in controlled testing.
-
The failure occurs specifically at the password submission stage.
This suggests:
• Backend validation failure
• CSRF/session token issue
• SameSite cookie restriction
• Cross-domain submission conflict (custom domain v2 → secure.simplybook.it)
• Token lifecycle conflict at submission
The reset link itself is valid (page loads normally).
The error happens only on form submission.
We kindly request:
-
Server-side logs for failed password submissions.
-
Confirmation of any known issues with v2 custom domains.
-
Verification of CSRF/session validation on password save.
-
Confirmation if any recent updates affected password reset handling.
This issue is business-critical as login is mandatory in our system.
We are available to perform a live monitored test if needed.
Thank you.