How do I get expiration time on the recovery link?

Asked

Viewed 80 times

0

I did a function in the fur codeigniter for password recovery and it’s all working, only I wanted it to expire the link has a x time/day.

What logic to use in this situation?

  • Sends in the link a query-string that is an encrypted date that is the deadline. The codeigniter has encryption function.

1 answer

1


A good solution would be when requesting password recovery:

Having a constant that defines the expiration time;

  1. Create a token with the current date information;
  2. Associate this token to the user in the database;
  3. Send the recovery link with the token in the url;

When the link is accessed:

  1. Retrieve the Token via GET;
  2. Check if the token matches the database;
  3. Extract the date from the token and compare it to the current one, taking into account the expiration date that was set in the constant.

If there is a password change, change or remove the token to invalidate the link.

This is a generic and safe way to do it, of course! Not being the only one.

I hope it helped!

  • More and if I wanted the expiration time to be for example in 2 hours, how would I do? I’m out of ideas here at the moment because tmb never thought to do that.

  • Include the date and time in the token and compare if the difference of the current date/time with the date/time of the token is less than 2. If so, be it. All ok! If not, please inform that the link is expired.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.