Recently, I have come across the mentioned bug during a password reset of Trac:
Reference bug trac-hacks.org/ticket/3233
This looks like an issue when set to "Force users to change passwords after a password reset?". I changed the config to not force the password change.
Also removed the session attribute in reference from the trac database:
sqlite3 yourtrac/db/trac.db \ 'DELETE FROM "session_attribute" WHERE "name" = "force__change_passwd";'