setting expiration time to django password reset token

If you're using Django's built-in password reset functionality, you can use the setting PASSWORD_RESET_TIMEOUT_DAYS.

Example: if a user uses a password reset link that was generated 2 days ago and you have PASSWORD_RESET_TIMEOUT_DAYS=1 in your project's settings, the link will be invalid and the user cannot continue.

More info here: https://docs.djangoproject.com/en/3.2/ref/settings/#password-reset-timeout-days


Django includes functionality to expire the token in less than 1 day in Django 3.1 or newer. Use the setting PASSWORD_RESET_TIMEOUT which takes number of seconds after which token will expire.

PASSWORD_RESET_TIMEOUT = 259200 # 3 days, in seconds

Documentation: https://docs.djangoproject.com/en/stable/ref/settings/#password-reset-timeout