Hi @James Kim ,
I notice the error you pasted was for B2C so it sounds like you might be using a password reset custom policy. The user getting redirected to the "forgot password" page instead of the login page might be related to a previous bug in the setup for the “recommended” password reset flow. This would resolve the other issue with the back button invalidating the session.
In the ForgotPassword
technical profile, you need to make sure that the UseTechnicalProfileForSessionManagement
is set to SM-Noop
.
Let me know if this helps and if you still run into the issue.
If the information helped you, please Accept the answer. This will help us and improve searchability for others in the community who may be researching similar questions.