The auto login link does not expire on changing email id
Low
Vulnerability Details
The auto login link does not expire on changing the email and can be reused to log in to the user's account.
Example link: https://chaturbate.com/accounts/autologin/?█████
Attack Scenario:
1: The user's email id has been compromised, so the user changes the email id & password of the account.
2: The attacker can still log in to the user's account just by using the auto login link, as it does not expire on changing the email id & password.
Steps To Reproduce
1: Change the email id and confirm the new email.
2: Now try opening the auto login link.
3: You would be logged in to the user's account.
Fix: The link should expire once used or have a time limit.
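The following is an added example, not code from the report or from the site concerned, showing the server-side shape of the suggested fix. An auto-login token is HMAC-signed, carries an expiry and a single-use nonce, and is bound to a fingerprint of the account's current email and password hash, so it stops validating the moment either of them changes (the scenario in this report). The user model, signing key, time limit and the `AutoLoginTokens` class are all assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed for this example; a real deployment loads the key from a
# secrets manager and chooses its own time limit.
SECRET_KEY = b"example-signing-key-do-not-use-in-production"
TOKEN_TTL_SECONDS = 15 * 60


class User:
    """Minimal account record (hypothetical); only what the token logic needs."""

    def __init__(self, user_id, email, password_hash):
        self.user_id = user_id
        self.email = email
        self.password_hash = password_hash

    def credential_fingerprint(self):
        # Any change to the email or the password changes this value, so every
        # token issued before the change stops validating.
        material = f"{self.email}|{self.password_hash}".encode()
        return hashlib.sha256(material).hexdigest()


def change_email(user, new_email):
    """Credential change as in the report's scenario: no token revocation
    step is needed, because the fingerprint changes implicitly."""
    user.email = new_email


class AutoLoginTokens:
    """Issues and redeems single-use, time-limited auto-login tokens."""

    def __init__(self, users, secret=SECRET_KEY, now=time.time):
        self.users = users          # user_id -> User
        self.secret = secret
        self.now = now              # injectable clock, for testing
        self.redeemed = set()       # nonces already consumed (single use)

    def _sign(self, body):
        return hmac.new(self.secret, body.encode(), hashlib.sha256).hexdigest()

    def issue(self, user):
        payload = {
            "uid": user.user_id,
            "fp": user.credential_fingerprint(),
            "exp": int(self.now()) + TOKEN_TTL_SECONDS,
            "nonce": secrets.token_hex(16),
        }
        body = base64.urlsafe_b64encode(
            json.dumps(payload, sort_keys=True).encode()).decode()
        return f"{body}.{self._sign(body)}"

    def redeem(self, token):
        """Return (user_id or None, reason). All four checks are required:
        integrity, time limit, credential binding and single use."""
        body, sep, sig = token.partition(".")
        if not sep or not hmac.compare_digest(sig.encode(), self._sign(body).encode()):
            return None, "bad signature"
        payload = json.loads(base64.urlsafe_b64decode(body))
        if self.now() > payload["exp"]:
            return None, "expired"
        user = self.users.get(payload["uid"])
        if user is None or payload["fp"] != user.credential_fingerprint():
            return None, "credentials changed"
        if payload["nonce"] in self.redeemed:
            return None, "already used"
        self.redeemed.add(payload["nonce"])
        return user.user_id, "ok"


if __name__ == "__main__":
    alice = User(1, "alice@example.com", "argon2-hash-placeholder")
    store = AutoLoginTokens({1: alice})
    token = store.issue(alice)
    print(store.redeem(token))      # (1, 'ok')
    change_email(alice, "alice-new@example.com")
    print(store.redeem(store.issue(alice)))   # fresh token after change still works
```

Binding the token to the credential fingerprint means an old link is rejected with no revocation list to maintain; the nonce set (or a database column) still has to exist for the single-use rule, and it can be pruned of entries older than the time limit because expired tokens fail the time check first.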
## Impact
Account takeover
Report Stats
- Report ID: 472026
- State: Closed
- Substate: resolved
- Upvotes: 42