
I am sending an email for confirmation after creation of an account to set up password.

    // Generate the email-confirmation token and embed it in the link as "code".
    var token = await _userManager.GenerateEmailConfirmationTokenAsync(user);
    var url = Url.Page("/Account/SetupPassword", pageHandler: null, values: new { userId = user.Id, code = token }, protocol: Request.Scheme);
    // Code to send the email with url.

The email has a link which, when clicked, goes to the Setup Password screen, where you can set the password after the token has been checked to be valid, and it is working fine.

However, because the token expiration time is 48 hours, it's possible for the user to click on the link multiple times, be directed to the screen, and set the password again after they have already set it. How do I prevent the token from being active once the password has been set up successfully the first time?

There are two columns, securitystamp and concurrencystamp in the ASPNetUsers table. Would deleting any of those values fix the issue?

TheFallenOne

1 Answer

Picking from this answer, you will have to update the securitystamp field to ensure the token is revoked.

You can do it explicitly using

    await _userManager.UpdateSecurityStampAsync(user);

The_Outsider
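As an added example (not code from the question or the answer), a hypothetical page model for /Account/SetupPassword that verifies the emailed token on GET and again on POST, sets the password, and then calls UpdateSecurityStampAsync so the same link is rejected afterwards. It assumes the default IdentityUser and the default DataProtectorTokenProvider, which embeds the user's security stamp in the token and fails verification once that stamp changes.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages;

// Hypothetical page model for /Account/SetupPassword (added example).
public class SetupPasswordModel : PageModel
{
    private readonly UserManager<IdentityUser> _userManager;
    public SetupPasswordModel(UserManager<IdentityUser> userManager)
        => _userManager = userManager;

    [BindProperty] public string UserId { get; set; }
    [BindProperty] public string Code { get; set; }
    [BindProperty] public string Password { get; set; }

    // Does the emailed token still verify for this user? The default token
    // provider embeds the security stamp, so a rotated stamp makes this false.
    private Task<bool> TokenIsValidAsync(IdentityUser user, string code) =>
        _userManager.VerifyUserTokenAsync(user,
            _userManager.Options.Tokens.EmailConfirmationTokenProvider,
            UserManager<IdentityUser>.ConfirmEmailTokenPurpose, code);

    // GET: show the form only while the link is still valid.
    public async Task<IActionResult> OnGetAsync(string userId, string code)
    {
        var user = await _userManager.FindByIdAsync(userId);
        if (user == null || !await TokenIsValidAsync(user, code))
            return NotFound(); // same response for unknown user and dead link
        UserId = userId;
        Code = code;
        return Page();
    }

    // POST: set the password, then rotate the stamp so the link cannot be reused.
    public async Task<IActionResult> OnPostAsync()
    {
        var user = await _userManager.FindByIdAsync(UserId);
        if (user == null) return NotFound();
        // ConfirmEmailAsync re-verifies the token (a direct POST skips the GET check).
        var confirm = await _userManager.ConfirmEmailAsync(user, Code);
        if (!confirm.Succeeded) return NotFound();
        var add = await _userManager.AddPasswordAsync(user, Password);
        if (!add.Succeeded)
        {
            foreach (var e in add.Errors)
                ModelState.AddModelError(string.Empty, e.Description);
            return Page();
        }
        await _userManager.UpdateSecurityStampAsync(user); // revokes the token
        return RedirectToPage("/Account/Login");
    }
}
```

After the stamp rotates, a second visit to the emailed link fails the VerifyUserTokenAsync check in OnGetAsync and the ConfirmEmailAsync check in OnPostAsync, regardless of the token's 48-hour lifetime.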