diff --git a/VERSION b/VERSION
index 6282b70..022a812 100644
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-v3.9.3
+v3.9.4
diff --git a/controllers/internals/Tool.php b/controllers/internals/Tool.php
index 246507a..c0f6e73 100644
--- a/controllers/internals/Tool.php
+++ b/controllers/internals/Tool.php
@@ -463,4 +463,28 @@ use BenMorel\GsmCharsetConverter\Converter;
             $converter = new Converter();
             return $converter->cleanUpUtf8String($text, true, '?');
         }
+
+        /**
+         * Encode some data into the URL version of Base64 encoding
+         * 
+         * @param string $data Input data
+         * @return string A Base64 (URL-safe) encoded string
+         */
+        public static function url_base64_encode(string $data): string
+        {
+            return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
+        }
+
+        /**
+         * Decode a URL-safe Base64 encoded string
+         * 
+         * @param string $data Encoded data
+         * @return string Decoded original data
+         */
+        public static function url_base64_decode(string $data): string
+        {
+            $replaced = strtr($data, '-_', '+/');
+            $padded = str_pad($replaced, mb_strlen($replaced) % 4 === 0 ? mb_strlen($replaced) : mb_strlen($replaced) + 4 - mb_strlen($replaced) % 4, '=', STR_PAD_RIGHT);
+            return base64_decode($padded);
+        }
     }
diff --git a/controllers/publics/Connect.php b/controllers/publics/Connect.php
index c97d6f2..3884259 100644
--- a/controllers/publics/Connect.php
+++ b/controllers/publics/Connect.php
@@ -11,6 +11,8 @@
 
 namespace controllers\publics;
 
+use controllers\internals\Tool;
+
     /**
      * Page de connexion.
      */
@@ -117,8 +119,9 @@ namespace controllers\publics;
 
             $Tokenista = new \Ingenerator\Tokenista(APP_SECRET);
             $token = $Tokenista->generate(3600, ['id_user' => $user['id']]);
+            $encoded_token = Tool::url_base64_encode($token);
 
-            $reset_link = \descartes\Router::url('Connect', 'reset_password', ['id_user' => $user['id'], 'token' => $token]);
+            $reset_link = \descartes\Router::url('Connect', 'reset_password', ['id_user' => $user['id'], 'token' => $encoded_token]);
 
             $mailer = new \controllers\internals\Mailer();
             $email_send = $mailer->enqueue($email, EMAIL_RESET_PASSWORD, ['reset_link' => $reset_link]);
@@ -139,7 +142,8 @@ namespace controllers\publics;
 
             $Tokenista = new \Ingenerator\Tokenista(APP_SECRET);
 
-            if (!$Tokenista->validate($token, ['id_user' => $id_user]))
+            $decoded_token = Tool::url_base64_decode($token);
+            if (!$Tokenista->validate($decoded_token, ['id_user' => $id_user]))
             {
                 return $this->render('connect/reset-password-invalid');
             }