My environment: Joomla 5.4.6
CB: 2.11.0+build.2026.01.12.21.55.56.a25ef0f6c
I am not quite sure if the following behaviour is a feature or a bug. The scenarios is are as follows:
Scenario 1
1. Log in with your own user profile
2. Select the link: 'Delete account and profile'
3. You will get a confirmation email in your mail box .... and you have to click onto the embedded link in order to trigger the deletion process
4. Your profile will be deleted as expected an you will get again an email which informs you about this
Scenario 2
1. Log in with your own user profile
2. Select the link: 'Delete account and profile'
3. You will get an confirmation email in your mail box .... (don't click on it!!!)
4. Log out from the website first
5. Click now on the link within the confirmation email you got at step 3
6. Now the Login mask of the website appears with an alert that you have to be logged in
7. Log in to your website (according to the 'alert') ....... /** PS: your profile is still available **/
8. Click again onto the link within the confirmation email you got at step 3
9. Now you get the message on the screen that your user profile has been deleted
10. you also get an email which informs you about the successful deletion
Questions:
1. Why is it necessary that the user has to be logged in while clicking onto this confirmation link? Of course you can say that this is an additional security feature ... BUT ... this user knows his credentials for sure, because without the log in to the website with these (correct) credentials he would not have been capable to trigger the corresponding confirmation email (for the deletion)
2. Let assume that the scenario 2 is correct: As soon as the user logs in at step 7 (according to the alert in step 6) the deletion process should be continued automatically .... but this is not the case: The user has to 'trigger' this deletion process for a second time by clicking onto the link in the confirmation email
So I am not sure if scenario 2 is a bug or a feature
regards
