I recently registered my website mobile phone number. When a user submits a mobile phone number, the server generates a verification code and sends it to the user's mobile phone number. When a user submits a verification code for comparison, should the verification code generated by the server be stored in the database? There is still a better way, such as Session. I recently registered my website mobile phone number. When a user submits a mobile phone number, the server generates a verification code and sends it to the user's mobile phone number. When a user submits a verification code for comparison, should the verification code generated by the server be stored in the database? There is still a better way, such as Session.
Reply content:
I recently registered my website mobile phone number. When a user submits a mobile phone number, the server generates a verification code and sends it to the user's mobile phone number. When a user submits a verification code for comparison, should the verification code generated by the server be stored in the database? There is still a better way, such as Session.
The best way is to set the expiration time of the memory to about 60 seconds.
You can use memcache
In fact, we usually use a lot of mobile phone verification functions.
Click "text message Verification", send a text message, and the countdown starts. In the countdown period, the user may not receive the text message for various reasons, providing an interface for resending the text message.
The text message Verification Code does not need to be stored persistently. It is a good solution to set the exact expiration time in the memory. The session expiration time is not strict, for example, 60 s, but it may not be cleared in 60 s. Apsaradb for redis and apsaradb for memcache both enable the memory storage of verification codes to automatically expire.
In the database, only one field is required to identify whether the user has been authenticated by SMS.
Of course, if your application cannot be registered without text message authentication from the very beginning, this ID field will not make much sense.
We recommend that you store the data in the database and set whether a field is verified. In this way, it may be easier for you to operate.
I personally think that after I click "Send verification code", the server will generate the verification code and time, which will be stored in the session. After submission, I can compare the verification code with the timestamp. It is best to store the time, even internally, after all, the cache time is not too accurate.
We recommend that you save the database and do more, for example:
- Verification Code sent
- Today's verification code error count
Does the SMS interface provide real message Arrival notifications?
We recommend that you save the SMS sending record persistently.
1. Avoid text message bombing, you know;
2. Text message sending is not free.
Use REDIS to set the validity period of a key.
The focus is on text message service providers ....... 40 minutes .. When you receive the verification code
Ajax verification, put it in the cache, set the expiration time, cache judgment and code for verification
The verification code is cached. You can add verification fields to the database, set an expiration time, and write errors in the cache.
I personally think it still existsDatabaseIs a relatively safe solution,
1) The concept should not be limited to the Verification code.TimelinessTop,
2) existDatabaseMore restrictions can be provided, such as the number of times each number receives a verification code per day (this is an obvious requirement when your user group is large)
3) You can clearly know which verification code you send to a user, which is convenient for the SP operator.LogarithmAnd so on.
Based on the projects I have doneDatabaseOf
After learning about memcached for a project in the previous year, you can find it useful. If you store this kind of things to memecached, you can set the expiration time as long as you want to expire. This helps you easily solve your current puzzles.
I just saw someone talking about using REDIS upstairs. That is also the line. Key-value pairs are stored in the memory and can also share data with other applications.