A developer asked me this question:
“A question: the token that is sent by URL via GET is a
unique token which has an expiration and is single-use; in addition,
it is used to validate that the password recovery is valid.
Even so, the sending of this token must be done by POST? Yes it is.
So, how can I get this token from the recovery mail link
to my application?
Thank you so much”
And another comment below this main comment:
“I forgot: this token does not correspond to any session information or similar; it is simply a random string sent in the email link.”
So I have some doubts about this inquiry. Since it is not valid to send parameters according to this rule, FIN.S.0030, how should this situation be handled? I think it is not a threat, but it should implement HTTPS.
Thanks for your help.
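
The token described in the post above (a random string, with an expiration, valid for a single use and unrelated to any session) can be modelled as follows; this is an added example, not code from the post or from the developer's application. The `ResetTokenStore` class, the 15-minute lifetime and the choice to store only a SHA-256 digest of the token are assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime; the post does not state one


class ResetTokenStore:
    """In-memory stand-in for the application's token table (hypothetical)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # sha256(token) -> (user_id, expires_at)

    @staticmethod
    def _digest(token):
        # Only the digest is kept, so a leaked table does not yield usable links.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user_id):
        """Create the random string that is placed in the e-mailed link."""
        token = secrets.token_urlsafe(32)
        expires_at = self._clock() + TOKEN_TTL_SECONDS
        self._pending[self._digest(token)] = (user_id, expires_at)
        return token

    def redeem(self, token):
        """Return the user id once for a live token, otherwise None."""
        # pop() removes the entry on first presentation: single use.
        entry = self._pending.pop(self._digest(token), None)
        if entry is None:
            return None
        user_id, expires_at = entry
        if self._clock() > expires_at:
            return None  # expired tokens are consumed and rejected
        return user_id


def demo():
    """Constructed scenario: one reuse attempt and one expired token."""
    now = [1000.0]  # fake clock so the run is deterministic
    store = ResetTokenStore(clock=lambda: now[0])
    token = store.issue("alice")
    first, second = store.redeem(token), store.redeem(token)
    late = store.issue("alice")
    now[0] += TOKEN_TTL_SECONDS + 1
    return first, second, store.redeem(late)


if __name__ == "__main__":
    print(demo())
```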