DocumentationCommerceTools

[PaaS only]{class="badge informative" title="Applies to Adobe Commerce on Cloud projects (Adobe-managed PaaS infrastructure) and on-premises projects only."}

ACP2E-4535: Submitting the forgot-password form destroys or regenerates the session (PHPSESSID changes) and clears the guest cart

Last update: Wed Apr 29 2026 00:00:00 GMT+0000 (Coordinated Universal Time)

CREATED FOR:

  • Experienced
  • Admin
  • Developer

The ACP2E-4535 patch fixes the issue where submitting the forgot-password form causes the session to be destroyed or regenerated (PHPSESSID changes) and clears the guest cart. This patch is available when the Quality Patches Tool (QPT) 1.1.78 is installed. The patch ID is ACP2E-4535. Please note that this issue is scheduled to be fixed in Adobe Commerce 2.4.9.

Affected products and versions

The patch is created for Adobe Commerce version:

  • Adobe Commerce (all deployment methods) 2.4.7-p1

Compatible with Adobe Commerce versions:

  • Adobe Commerce (all deployment methods) 2.4.7 - 2.4.8-p4
NOTE
The patch might become applicable to other versions with new Quality Patches Tool releases. To check if the patch is compatible with your Adobe Commerce version, update the magento/quality-patches package to the latest version and check the compatibility on the Quality Patches Tool: Search for patches page. Use the patch ID as a search keyword to locate the patch.

Issue

When submitting the forgot-password form destroys or regenerates the session (PHPSESSID changes) and clears the guest cart.

Steps to reproduce:

  1. Add a product to the cart as a guest.
  2. Verify that the mini-cart displays one item.
  3. Open the browser’s developer tools and navigate to Application > Cookies. Note the current PHPSESSID value.
  4. On the storefront, navigate to /customer/account/forgotpassword/.
  5. Enter any email address in the email field.
  6. Complete the CAPTCHA validation.
  7. Click Reset My Password.
  8. Wait for the success message to appear.
  9. Check the PHPSESSID cookie value again.
  10. Review the mini-cart contents.

Expected results:

The cart retains all items.

Actual results:

After submitting the Forgot Password form, the PHPSESSID cookie value changes, causing the mini-cart to become empty. As a result, the guest quote is orphaned because it was associated with the previous session ID.

Apply the patch

To apply individual patches, use the following links depending on your deployment method:

To learn more about Quality Patches Tool, refer to:

recommendation-more-help
c2d96e17-5179-455c-ad3a-e1697bb4e8c3