by LammyL 5107 days ago
The idea of hashing the server side token is still a good idea, just in case the db of valid tokens is ever stolen, they would be useless. But I don't really see the need of hashing the server side token+the encrypted password, since, as you said, just invalidate all tokens on password reset.
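
The scheme discussed in the comment above, as an added example that is not code from the thread: the server keeps only a SHA-256 digest of each token, and a password reset deletes every digest belonging to the user. The class and method names are hypothetical, and an in-memory dict stands in for the token table.

```python
import hashlib
import secrets


class TokenStore:
    """Hypothetical token table that stores digests, never plaintext tokens."""

    def __init__(self):
        self._rows = {}  # hex digest of token -> user id

    @staticmethod
    def _digest(token: str) -> str:
        # Tokens are 256-bit random values, so a fast unsalted hash is enough.
        # This would not be adequate for low-entropy secrets such as passwords.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user_id: str) -> str:
        token = secrets.token_urlsafe(32)
        self._rows[self._digest(token)] = user_id
        return token  # the plaintext token goes to the client only

    def validate(self, token: str):
        # Hash whatever the client presents and look the digest up.
        return self._rows.get(self._digest(token))

    def reset_password(self, user_id: str) -> int:
        # Invalidate every outstanding token for the user; returns the count.
        stale = [d for d, u in self._rows.items() if u == user_id]
        for d in stale:
            del self._rows[d]
        return len(stale)

    def dump(self) -> dict:
        # What someone holding a copy of the table would see.
        return dict(self._rows)


if __name__ == "__main__":
    store = TokenStore()
    t1, t2 = store.issue("alice"), store.issue("alice")
    t3 = store.issue("bob")
    print("valid before reset:", store.validate(t1))
    # Replaying stored digests as tokens fails: the server hashes them again.
    print("stolen rows usable:", any(store.validate(d) for d in store.dump()))
    print("tokens revoked on reset:", store.reset_password("alice"))
    print("alice after reset:", store.validate(t2), "| bob:", store.validate(t3))
```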