|
|
|
|
|
|
by mikey_p
4905 days ago
|
|
|
This is pretty much exactly what Drupal does as well, with the exception of using the user's password hash instead of the ID as input before hashing and it also stores the timestamp of the reset request as part of the URL (and the token) to allow for expiring password resets. |
|
|