I tried to follow a bit of the Supabase documentation, but it was not that helpful. I am resetting a user's password. I have sent the user an email like this, from the Supabase template:
    <p><a href="{{ .RedirectTo }}?token_hash={{ .TokenHash }}&type=reset">Reset Password</a></p>
Then I navigate the user to the reset page, which has token_hash and type=reset in its params.
Then I set the token and create a session, but the session is not being set correctly and it is giving me problems. I have searched through the documentation, YouTube, and this platform as well, but can't figure it out.
    const validateTokenAndSetSession = async () => {
      const token = searchParams.get("token_hash");
      const type = searchParams.get("type");
      console.log("Token:", token); // Log the token for debugging
      console.log("Type:", type); // Log the type for debugging

      if (!token || type !== "reset") {
        toast({
          title: "Error",
          description: "Invalid or missing token. Please try the recovery process again.",
          variant: "destructive",
        });
        navigate("/fot-password"); // Redirect to fot password page
        return;
      }

      // Set the Supabase session
      const { error } = await supabase.auth.setSession({
        access_token: token,
        refresh_token: "",
      });

      if (error) {
        toast({
          title: "Error",
          description: "Failed to authenticate. The token may be invalid or expired.",
          variant: "destructive",
        });
        console.log("error", error);
        return;
        // navigate("/fot-password");
      } else {
        setResetToken(token); // Token is valid, allow password reset
      }
    };

    useEffect(() => {
      validateTokenAndSetSession();
    }, [searchParams]);

    const handlePasswordReset = async () => {
      setLoading(true);
      if (resetToken) {
        const { error } = await supabase.auth.updateUser({
          password: newPassword,
        });

        if (error) {
          toast({
            title: "Error",
            description: "Failed to update password. The link may be invalid or expired.",
            variant: "destructive",
          });
          setLoading(false);
          return;
        }

        toast({
          title: "Success",
          description: "Password updated successfully. You can now log in.",
          variant: "default",
        });
        navigate("/login"); // Redirect to login page
        setLoading(false);
      } else {
        toast({
          title: "Error",
          description: "Failed to update password. The link may be invalid or expired.",
          variant: "destructive",
        });
        setLoading(false); // Clear the loading state on this path as well
      }
    };
What I want is that when Supabase sends the email to the user, the user can click the URL and then change the password.
But the behaviour I see from this code is that after 4/5 minutes the password can be changed and the user is automatically logged in. I have checked the docs; the majority of developers were facing redirect issues regarding navigation after the password change.
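
An added example, not part of the original post: one way to handle the `token_hash` link from the template above is to exchange it with `supabase.auth.verifyOtp`, update the password, then sign out so the link never leaves a logged-in session. The function name `completePasswordReset` and its parameters are hypothetical, and `supabase` is assumed to be a supabase-js v2 client.

```javascript
// Added example (not the poster's code). completePasswordReset and its
// parameters are hypothetical names; `supabase` is assumed to be a
// supabase-js v2 client created elsewhere with createClient().
async function completePasswordReset(supabase, search, newPassword) {
  const params = new URLSearchParams(search);
  const tokenHash = params.get("token_hash");

  // type=reset is only the marker this page's e-mail template puts in the
  // link; the OTP type that verifyOtp expects for password recovery is
  // "recovery".
  if (!tokenHash || params.get("type") !== "reset") {
    return { ok: false, stage: "link", message: "Invalid or missing token." };
  }

  // token_hash is a one-time code, not a JWT. It is exchanged for a session
  // with verifyOtp rather than passed to setSession as an access_token.
  const verified = await supabase.auth.verifyOtp({
    token_hash: tokenHash,
    type: "recovery",
  });
  if (verified.error) {
    return { ok: false, stage: "verify", message: verified.error.message };
  }

  // The recovery session exists only to authorise this one call.
  const updated = await supabase.auth.updateUser({ password: newPassword });

  // Drop the recovery session whether or not the update worked, so that
  // clicking the e-mailed link never leaves the browser logged in.
  await supabase.auth.signOut();

  if (updated.error) {
    return { ok: false, stage: "update", message: updated.error.message };
  }
  return { ok: true, stage: "done", message: "Password updated." };
}
```

Called from the form's submit handler with `window.location.search`, the returned `stage` tells the UI which toast to show before navigating to the login page.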