Mail reset token should not be deleted at first page access
When using "reset password by mail" plugin, the token sent by mail to user is directly destroyed at first page access. It is an issue for users having a mail client that does a "preview" of the link. The mail client access to the link and burn the token, then user can't reset its password anymore.
Design proposal: delete token only after form submission.