Agent password reset page loops -- entering email/username refreshes the page and strips the token from the URL

Apply the session revert patch from: https://github.com/osTicket/osTicket/pull/6766/commits/416b548bd812188fec62c89fe8bfb0a3128731a1 to class.ostsession.php (remove the green/added lines, restore the red/removed lines). After patching: restart the web server and PHP-FPM, run TRUNCATE ost_session in the database, and clear browser cookies/cache. If the agent account was newly created without a password set, also check whether the reset email contains a valid token.