How do I set an expiration time on the recovery link?

0

I've written a function in CodeIgniter for password recovery and everything is working; I just want the link to expire after x time / day.

What is the logic to use in this situation?

    
asked by anonymous 02.09.2016 / 22:01

1 answer

1

A good solution would be, when requesting password recovery:

  • Have a constant that defines the expiration time;
  • Create a token with the current date information;
  • Associate this token with the user in the database;
  • Send the recovery link with the token in the URL.

When the link is accessed:

  • Retrieve the token via GET;
  • Verify that the token is equal to the one in the database;
  • Extract the date from the token and compare it with the current one, taking into account the expiry time that has been set in the constant;
  • If there is a password change, change or remove the token to invalidate the link.

This is a generic and safe way to do it, though of course not the only one.

I hope I have helped!

        
    02.09.2016 / 23:05
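
The steps in the answer above, as an added example in plain PHP; it is not part of the original answer and not CodeIgniter's own code. The function names, the one-hour TTL, the user id and the in-memory array standing in for the users table are assumptions, and storing only a hash of the token is a hardening choice added here.

```php
<?php
// Added example: an in-memory array stands in for the database column.
const RESET_TTL_SECONDS = 3600; // expiration constant (value is an assumption)

$resetStore = []; // hypothetical stand-in: user id => SHA-256 of the token

// Build a token that carries its issue time plus 32 random bytes.
function issue_reset_token(array &$store, int $userId, int $now): string
{
    $token = $now . '.' . bin2hex(random_bytes(32));
    // Store only a hash so a leaked table does not yield usable links.
    $store[$userId] = hash('sha256', $token);
    return $token; // goes into the e-mailed recovery URL
}

// True only if the token matches the stored one and has not expired.
function check_reset_token(array $store, int $userId, string $token, int $now): bool
{
    if (!isset($store[$userId])) {
        return false; // no pending reset, or already consumed
    }
    // Constant-time comparison against the stored hash.
    if (!hash_equals($store[$userId], hash('sha256', $token))) {
        return false;
    }
    // The token matched the database, so its timestamp is the one we issued.
    $issuedAt = (int) strstr($token, '.', true);
    return ($now - $issuedAt) <= RESET_TTL_SECONDS;
}

// Call after the password has been changed so the link cannot be reused.
function consume_reset_token(array &$store, int $userId): void
{
    unset($store[$userId]);
}

// Constructed walk-through with fixed clock values.
$t0    = 1472853660;
$token = issue_reset_token($resetStore, 42, $t0);
var_dump(check_reset_token($resetStore, 42, $token, $t0 + 600));  // inside the TTL
var_dump(check_reset_token($resetStore, 42, $token, $t0 + 7200)); // past the TTL
var_dump(check_reset_token($resetStore, 42, $token . 'x', $t0));  // altered token
consume_reset_token($resetStore, 42);
var_dump(check_reset_token($resetStore, 42, $token, $t0 + 600));  // after password change
```

Because the expiry check runs only after the token has matched the stored value, editing the timestamp in the URL cannot extend the link's lifetime.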