Pregunta
I am using the inbuilt password reset functionality of Django which emails the user the password reset link. Is there an option in Django to set an expiration time to the link suppose 6 hours after which the link become invalid and user will have to request again for password recovery.
Solución
If you're using Django's built-in password reset functionality, you can use the setting PASSWORD_RESET_TIMEOUT_DAYS.
Example: if a user uses a password reset link that was generated 2 days ago and you have PASSWORD_RESET_TIMEOUT_DAYS=1 in your project's settings, the link will be invalid and the user cannot continue.
More info here: https://docs.djangoproject.com/en/3.2/ref/settings/#password-reset-timeout-days
Otros consejos
Django includes functionality to expire the token in less than 1 day in Django 3.1 or newer. Use the setting PASSWORD_RESET_TIMEOUT which takes number of seconds after which token will expire.
https://stackoverflow.com/questions/21155264
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianPASSWORD_RESET_TIMEOUT = 259200 # 3 days, in seconds
Documentation: https://docs.djangoproject.com/en/stable/ref/settings/#password-reset-timeout
