The current behavior noticed on 14.10.16 is that after opening the reset password link once, the second time is not possible , even if the password reset was not actually done with the link . Also, there are still cases when depending on the settings on the user's side or their email client, the reset password link might be pre-read and so it would burn the only time they would be able to use the link.
It would be useful to update the reset password link timeout to a longer value, such as 1h, allowing more time to open the reset password link no matter how many times in that 1 hour after receiving the reset password mail. |
|
