If the user does the authenticate (no password) multiple times, then multiple emails with links in them will be sent. I am seeing that multiple emails were sent. Every time you cause a new email to be sent, the session "key" in any *prior* emails is invalidated.
In this multiple email scenario, only the link in the *most recent* email will work. If the user clicks the link in an older email, they will get this error.
Additionally, I am seeing multiple IP addresses involved in this, which implies multiple people (on more than one device) were clicking the same link... This implies that maybe the email was forwarded to another person or the same person was working on multiple devices (or a dynamic IP address).
Ideally, this is supposed to be one email containing one password reset link sent to one user who locates that email on one device and clicks the link inside it. If you are deviating from this, then you certainly could have issues.
Last edit: 6 years 1 month ago by SteveTheTechie.
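An added example, not code from the post above or from the software it discusses: a minimal sketch of the behaviour described, where sending a new email replaces the user's previous link key so only the most recent link works. The class and function names, the 15-minute lifetime and the single-use rule are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TTL_SECONDS = 15 * 60  # assumed link lifetime; the post does not state one


class LoginLinkStore:
    """Keeps at most one live link key per user (hypothetical in-memory store)."""

    def __init__(self, clock=time.time):
        self._active = {}  # user -> (sha256 of key, expiry timestamp)
        self._clock = clock

    def issue(self, user):
        """Create the key for a new email; any earlier key for this user stops working."""
        key = secrets.token_urlsafe(32)
        digest = hashlib.sha256(key.encode()).digest()
        self._active[user] = (digest, self._clock() + TTL_SECONDS)
        return key

    def redeem(self, user, key):
        """Return 'ok', 'expired' or 'invalid'. A key works once (assumed rule)."""
        entry = self._active.get(user)
        if entry is None:
            return "invalid"
        digest, expiry = entry
        presented = hashlib.sha256(key.encode()).digest()
        if not hmac.compare_digest(digest, presented):
            return "invalid"  # key from an older email, or a guessed one
        del self._active[user]  # consume the key so it cannot be replayed
        if self._clock() > expiry:
            return "expired"
        return "ok"


def demo():
    store = LoginLinkStore()
    first = store.issue("alice")   # email 1
    second = store.issue("alice")  # email 2 replaces the key from email 1
    return [
        store.redeem("alice", first),   # link from the older email
        store.redeem("alice", second),  # link from the most recent email
        store.redeem("alice", second),  # same link opened again on another device
    ]


if __name__ == "__main__":
    print(demo())
```

Storing only a hash of the key means a leaked copy of the store does not yield usable links.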