If you're using Django's built-in password reset functionality, you can use the setting PASSWORD_RESET_TIMEOUT_DAYS
.
Example: if a user uses a password reset link that was generated 2 days ago and you have PASSWORD_RESET_TIMEOUT_DAYS=1
in your project's settings, the link will be invalid and the user cannot continue.
More info here: https://docs.djangoproject.com/en/3.2/ref/settings/#password-reset-timeout-days