Change password is inconsistent

Silverstripe Version: 4.1

Having a hard time making any sense of this. I click the forgotten password link on the /admin page, enter my email address and I get sent a link to /Security/changepassword?m=


The problem is with the change password screen. Sometimes this works as expected and loads the page.
Other times it will redirect me back to the login page with a non-sensical message: “You must be logged in in order to change your password!”

Ignoring the poor English, If I could login - I wouldn’t been changing it through the forgotten password functionality!

Reading the code in ChangePasswordHandler::changepassword() I see where this happens. Seems like a bug I get this far though. I assume there’s been a problem with the auto login hash. Shouldn’t that be the message relayed in this case?

If u could recreate kindly raise an issue with the steps to reproduce on the silverstripe cms github; there should be someone from dev team looking through


I’d raise an issue on framework, rather than cms: