by jordanlev 3530 days ago
Hence one of the proposed solutions at the end of the article is to generate a new token when the link is used and put the new token into the form.

But some sort of token needs to be used even after clicking the email link because the "enter a new password" form needs it posted as well (to prevent people from using that form willy-nilly on any account).
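The two-stage flow this comment describes (the e-mailed link token is consumed when the link is opened, and a fresh token is placed in the "enter a new password" form so the POST must carry it too), as an added Python sketch that is not code from the thread or the article; the in-memory store, the 15-minute lifetime and the function names are assumptions.

```python
import hashlib
import secrets

# Added example: password-reset tokens that are single-use and stage-bound.
# The link token can only open the form; the form token can only submit it.
# The dict stands in for a database table (an assumption for the example).

TOKEN_TTL = 15 * 60  # seconds; a value chosen for the example

_pending = {}  # token_hash -> {"user": str, "stage": "link"|"form", "exp": float}


def _h(token: str) -> str:
    # Persist only a hash so a leaked table does not expose live tokens.
    return hashlib.sha256(token.encode()).hexdigest()


def issue_reset_link_token(user: str, now: float) -> str:
    """Create the token that goes into the e-mailed reset link."""
    token = secrets.token_urlsafe(32)
    _pending[_h(token)] = {"user": user, "stage": "link", "exp": now + TOKEN_TTL}
    return token


def _consume(token: str, stage: str, now: float):
    # pop() makes every token single-use; stage and expiry are checked too.
    rec = _pending.pop(_h(token), None)
    if rec is None or rec["stage"] != stage or now > rec["exp"]:
        return None
    return rec


def open_reset_link(link_token: str, now: float):
    """GET handler: consume the link token and hand the form a new token."""
    rec = _consume(link_token, "link", now)
    if rec is None:
        return None
    form_token = secrets.token_urlsafe(32)
    _pending[_h(form_token)] = {"user": rec["user"], "stage": "form", "exp": now + TOKEN_TTL}
    return form_token  # rendered as a hidden field in the new-password form


def submit_new_password(form_token: str, new_password: str, now: float):
    """POST handler: accept the new password only with a valid form token."""
    rec = _consume(form_token, "form", now)
    if rec is None:
        return None
    return rec["user"]  # the caller would now update this user's credential
```

Replaying the link token against the POST handler fails the stage check, and reusing either token fails because it was removed on first use.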