Reset password email link stays alive after first reset

[dbv]

Using the example simple_webapp.py: a password reset generates an email; Clicking the link in the email leads to a password reset form; Once completed, the password gets reset; Clicking the email link again allows the password to be reset again.  Should it or should the reset code be killed after first successful use?

Also, clicking the email link opens a new browser tab when another another tab is already running simple_webapp.py.  Do you know how it can use the currently opened tab?