Assuming that I'm already using the django.contrib.auth.tokens.default_token_generator
generating tokens to reset a user's password, and
want to use the same method to activate the user, or for any other similar service, are there any of the following risks?
Once a new token is generated for the user, the previous user's tokens remain active.
Although you partially clarify my doubts #
>However, I would definitely like to understand the logic behind this method to understand the risks and benefits of production.