I have searched for a solution, but have only found situations that don't resolve my problem. My need: at login, a user with a password that has not been changed in XX-days will be directed to change their password (should this be a submission page or a password change form) . The system, knowing what their current password is, will not allow them to use the same one. Once the password is changed, the user will continue to the page they were trying to sign into. My level of experience