However, IMO it is far better to just generate another one, and have them expire automatically after either a set time, or after a successful password change/reset. In the case that generating a new link expires existing ones, where there is no rate limiting, it would be theoretically possible to prevent someone resetting their password by continually requesting new links for their account.
Bri
—
Best Regards,
Brian Maher
Senior Research Software Engineer & Systems Administrator
King's Digital Lab
VWB, 2nd Floor, Room 2.50, Strand Campus
Work: 0207 848 0511
Mobile: 07714 285086
Voip: 01702 667471
On 23 Oct 2019, at 15:10, Nelson Varela <nelson.c.varela@gmail.com> wrote:
Why give out more than one link? Why not use get_or_create to make link or use existing link for that user?
Op woensdag 23 oktober 2019 15:06:17 UTC+2 schreef prabhakaran karthikeyan:If an user requests a password reset link, clicking on it will make the link expirable. Suppose, user requests more than one link mistakenly, just need to expire the first link . The user should get reset form only from recent link. Any help is appreciated. Thank You.--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/d1bd6182-8583-42ed-b767-36e1c4d1eed8%40googlegroups.com.
No comments:
Post a Comment