Add test case for security question assignment and the tracking is now

done with a session scoped bean

webgoat-lessons/password-reset/src/main/resources/i18n/WebGoatLabels.properties

@@ -7,6 +7,7 @@ password-reset-simple.email_mismatch=Of course you can send mail to user {0} how
 
 password-questions-wrong-user=You need to find a different user you are logging in with 'webgoat'.
 password-questions-unknown-user=User {0} is not a valid user.
+password-questions-one-successful=You answered one question successfully please try another one.
 
 password-reset-no-user=Please supply a valid e-mail address.
 password-reset-solved=Congratulations you solved the assignment, please type in the following code in the e-mail field: {0}