Hi all,
I run a hosted website for 100k+ users - often not sophisticated ones. 80% are on mobile phones. In recent weeks we started getting a lot of people seeing “Invalid Token” when they try to reset passwords. We are using Django 3.2.25, which uses SHA256 as the algorithm. We are using the standard django.contrib.auth.views.PasswordResetView.
When we test ourselves, it always seems to work.
Any ideas how to approach this, or for anything we can rule out?
- Andy