Ver. 11.0 MVC .Net Core
I had a user who was unable to access their account because of a change to their email address in the database. They used an old copy of a Password Reset Email to get in. While I am glad they got in, it does seem like a potential issue to have the password reset email be valid 'forever'. Is there something that can be done so the token expires?