I have a feature in which a token to recover the password is sent in the URL using the GET method.
I've heard that I shouldn't send sensitive parameters in the URL, but the thing is:
- It is a unique token (a random string sent in the email)
- It is a single-use token
- It has an expiration time
- This token doesn't correspond to any session information or similar
So if I have to use the POST method, how can I get this token from the recovery email and pass it to my application?
Thanks for your help.
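An added example, not part of the original post: one way to carry a token with the properties listed above (random, single use, expiring) from the emailed GET link into a POST. The GET handler only checks the token and copies it into a hidden form field; the POST handler consumes it. All names, the in-memory store, the `/reset` path and the 900-second lifetime are assumptions made for illustration.

```python
import hashlib
import html
import secrets
import time
from urllib.parse import urlencode

class ResetTokens:
    """In-memory store (assumption) that keeps only SHA-256 digests of tokens."""
    def __init__(self, ttl_seconds=900, clock=time.time):  # 900 s is an assumed lifetime
        self._ttl, self._clock = ttl_seconds, clock
        self._pending = {}  # digest -> (user_id, expires_at)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id):
        token = secrets.token_urlsafe(32)  # 32 random bytes from the OS CSPRNG
        self._pending[self._digest(token)] = (user_id, self._clock() + self._ttl)
        return token

    def is_valid(self, token):
        """Check without consuming, so loading the link (GET) does not burn the token."""
        entry = self._pending.get(self._digest(token))
        return entry is not None and self._clock() < entry[1]

    def redeem(self, token):
        """Consume the token (single use); return the user id, or None if unknown or expired."""
        entry = self._pending.pop(self._digest(token), None)
        ok = entry is not None and self._clock() < entry[1]
        return entry[0] if ok else None

def reset_link(base_url, token):
    """URL placed in the recovery email; base_url is a placeholder."""
    return f"{base_url}?{urlencode({'token': token})}"

def render_form(store, token):
    """GET handler: copy the token from the query string into a hidden POST field."""
    if not store.is_valid(token):
        return None
    return ('<form method="post" action="/reset">'
            f'<input type="hidden" name="token" value="{html.escape(token, quote=True)}">'
            '<input type="password" name="new_password"><button>Reset</button></form>')

def handle_post(store, form):
    """POST handler: redeem only when a new password is present, so a bad form keeps the token."""
    new_password = form.get("new_password")
    user_id = store.redeem(form.get("token", "")) if new_password else None
    return None if user_id is None else (user_id, new_password)
```

Because the GET request never consumes the token, a mail scanner or link preview that fetches the URL does not invalidate it; only the POST that carries the new password does.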