Allow looking up of old reset password tokens from the version table (if it hasn't been disabled). If the token in the link clicked is no longer valid but exists in version table then either:
1. Display a specific message such as: "Your reset password link has expired because a new one was generated at x:x:x time", or "Your reset password link is no longer valid as you successfully set your password at x:x:x time".
2. If the old token has not expired, allow it to be used to validate the user
Allow users to configure whether this feature is used at all and which of the above two options should be used.