SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

SuperTokens.com

> Is this also the intended outcome? If so, how do I go about preventing that from happening?
Yes. This is intentional. It's done for better UX - the chances of an end user refreshing that page, or visiting that page again and again (with an unverified email) is low.

If you would like to disable it, you can do so by overriding the `generateEmailVerifyTokenPOST` function in `override  -> emailverification -> apis` object (see https://supertokens.io/docs/thirdpartyemailpassword/advanced-customizations/apis-override/usage), and enforcing a rate limit to the API somehow.

Another way would be to override the `sendVerificationEmail` function on the frontend `override -> emailverification -> functions` and make it do nothing. Then add some JS to listen to on click for the resend email button, and call the API manually. But here, if the user doesn't click on resend, then an email won't go to them at all, which is bad UX. So you would probably have to modify the screen to add to add a send email button.