setting expiration time to django password reset token
If you're using Django's built-in password reset functionality, you can use the setting PASSWORD_RESET_TIMEOUT_DAYS
.
Example: if a user uses a password reset link that was generated 2 days ago and you have PASSWORD_RESET_TIMEOUT_DAYS=1
in your project's settings, the link will be invalid and the user cannot continue.
More info here: https://docs.djangoproject.com/en/3.2/ref/settings/#password-reset-timeout-days
Django includes functionality to expire the token in less than 1 day in Django 3.1 or newer. Use the setting PASSWORD_RESET_TIMEOUT
which takes number of seconds after which token will expire.
PASSWORD_RESET_TIMEOUT = 259200 # 3 days, in seconds
Documentation: https://docs.djangoproject.com/en/stable/ref/settings/#password-reset-timeout