|
|
|
|
|
|
by bigiain
838 days ago
|
|
|
> Or should we have tokens that expire in a reasonable time frame. And that are single-use. (Your password reset "magic link" should expire quickly, but needs a long enough window to allow for slow mail transport. But once it's used the first time, it should be revoked so it cannot be used again even inside that timeout window.) |
|
|