Bug Report — Critical Login Issue
Example of a concise, reproducible defect report for a critical regression.
Metadata
- Severity: Critical · Priority: P0
- Environment: Staging (build 2.15.0-rc3), Android 14, iOS 17
- Owner: Auth Squad · Reporter: QA
Summary
Users receive an HTTP 500 response when logging in with valid credentials after a password reset.
Steps to Reproduce
- Reset password for an existing account
- Attempt login with the new password
- Observe error response 500
Expected vs Actual
- Expected: Login succeeds
- Actual: Server responds 500
Evidence
- Screenshots and HAR file (links to be added)
- Server logs trace ID
- Jira issue link
Impact & Scope
- Affects all users who reset their password within the last 24h
- Risk of increased support tickets and drop-off in login funnel
Suspected Cause
Stale session tokens not invalidated after password reset; mismatch between session store and auth service.
Workaround
Force logout and re-login after reset; clear session cookie on first login attempt.
Fix & Verification
- Invalidate all active sessions on password reset
- Add integration test to prevent regression
- QA: retest login, reset, concurrent device flows
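A sketch of the proposed fix, added here as an illustration and not taken from the product's code base: the session store records a per-user generation number with every token, a password reset bumps it, and login discards a stale cookie and issues a fresh session. `SessionStore`, `AuthService` and the generation counter are hypothetical names and design choices; the in-memory dictionaries stand in for the real session store and credential database.

```python
import hashlib
import hmac
import secrets

class SessionStore:
    """In-memory stand-in for the session store (hypothetical)."""
    def __init__(self):
        self._sessions = {}    # token -> (user_id, generation when issued)
        self._generation = {}  # user_id -> current generation

    def issue(self, user_id):
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user_id, self._generation.get(user_id, 0))
        return token

    def invalidate_all(self, user_id):
        # Every token issued before this call now carries an old generation.
        self._generation[user_id] = self._generation.get(user_id, 0) + 1

    def validate(self, token):
        user_id, gen = self._sessions.get(token, (None, None))
        if user_id is None:
            return None
        if gen != self._generation.get(user_id, 0):
            del self._sessions[token]  # stale: drop it and treat as logged out
            return None
        return user_id

class AuthService:
    """Stand-in for the auth service (hypothetical)."""
    def __init__(self, store):
        self.store = store
        self._creds = {}  # user_id -> (salt, password hash)

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def set_password(self, user_id, password):
        salt = secrets.token_bytes(16)
        self._creds[user_id] = (salt, self._hash(password, salt))

    def reset_password(self, user_id, new_password):
        self.set_password(user_id, new_password)
        self.store.invalidate_all(user_id)  # the fix: kill sessions on every device

    def login(self, user_id, password, presented_token=None):
        """Return (status, token); a stale cookie is ignored, never an error."""
        salt, digest = self._creds.get(user_id, (b"", b""))
        if not hmac.compare_digest(self._hash(password, salt), digest):
            return 401, None
        if presented_token and self.store.validate(presented_token) == user_id:
            return 200, presented_token
        return 200, self.store.issue(user_id)
```

The same sequence (two devices logged in, reset, login with the old cookie still attached) is the shape the integration test and the concurrent-device retest would take.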
Regression Scope
- Login (email/phone), MFA, remember-me, session expiry
- Password change, logout across devices