Click "login", then follow the procedure for a forgotten password. Follow through with the "Forgotten password confirmation. You get page "forgot_password.php". Here is a link to "change your password". Click there and you go to your auth module's login form, since you need to login before you can change your password. Now login using the new password provided in your email. Now you should be taken to the change password form, since that's where you wanted to go when you got re-routed to the login form. It doesn't happen,instead you go to the home page.

The reason is on line 182 of file "login/index.php". Here code checks $SESSION->wantsurl, which is properly set to the change password form. However, it also checks to see that the "wantsurl" address contains $CFG->wwwroot. Since my site is using SSL, this fails. It should also allow "wantsurl" to contain $CFG->httpswwwroot.

cheers,
– mike