Expire token after 12h and if user logged-in again
As an hardening measure we should expire password reset tokens after 12h and if the user has logged-in again successfully after the token was requested.
Please register or sign in to comment
As an hardening measure we should expire password reset tokens after 12h and if the user has logged-in again successfully after the token was requested.