|
|
|
|
|
|
by jeltz
4374 days ago
|
|
|
Yes, but using a token is better for usability and trust since that wont make it possible to lock out other users by clicking the forgot password link, and I as a user will think it is more likely someone doing token based resets has done security correctly. |
|
|