• 3 Posts
  • 60 Comments
Joined 1 year ago
cake
Cake day: June 20th, 2023

help-circle


  • Not really the only reason. It would be better to just return “token invalid”.

    It could occur by someone messing with the URL from the reset password email, like accidently adding an extra character before pressing enter

    Or a poor email client that wraps the URL and doesn’t send the complete one when clicked.

    Or someone attempting to find a weakness in the reset password system and sending junk as the token.