Mobile phone number Registration ideas

Recently in the website mobile phone number registration, is the user submitted mobile phone number, the server generated a verification code sent to the user's mobile phone, the user submitted a verification code comparison, the server generated verification code should not be stored in the database? There are better ways to do it, like a session or something.

Reply content:

Recently in the website mobile phone number registration, is the user submitted mobile phone number, the server generated a verification code sent to the user's mobile phone, the user submitted a verification code comparison, the server generated verification code should not be stored in the database? There are better ways to do it, like a session or something.

The best way to do this is to have memory set expiration time of about 60 seconds
You can use Memcache

In fact, we used a lot of mobile phone verification function
Click SMS Verification, send SMS, countdown start, in the countdown period, the user may not receive a text message for various reasons, provide a re-send SMS interface

Visible SMS Verification code is not required to persist storage, this thing put in memory set accurate expiration time is a good solution, session expiration time is not strict, such as set 60s, but not necessarily in the 60s time to clear. The Redis,memcache can implement the automatic expiration function of the verification code memory storage.

In the database, as long as a field, identify whether the user has been mobile SMS authentication

Of course, if your application from the beginning, without SMS authentication will not be able to register, this identification field does not make much sense

It is recommended or stored in the database, and set whether a field is validated. This way, it may be more convenient for you to operate.

Personally feel that click to send verification code, server-side generation of verification code and time, stored in the session can be, after the submission of verification code and time stamp can be, even within the intrinsic inside also preferably stored on time, after all, the cache time is not too accurate.

It is recommended to save the database, you can do more things, for example:

1. Verify the number of verification codes sent
2. Number of verification code errors today

Does the SMS interface provide true message arrival notifications?
SMS send records suggest persistent save.
1, to avoid text bombing you understand;
2, SMS send is not free of it.

Using Redis, set a key to a valid time

The focus is on SMS service providers .... 40 min.: When you get the verification code, you're hematemesis.

Ajax verification, put in the cache, set the expiration time, cache to determine the code to verify

The verification code uses the cache, the database increases the validation field, sets an expiration time, and so on the error count can be written in the cache.

Personally feel that there is a more secure database in the program,

1) Ideas should not be limited to the validity of the verification code above,
2) The existence of a database can provide more restrictions, such as the number of times per day for each number of verification code (when your user base is relatively large, this is an obvious need to do the limit)
3) You can clearly know which verification code you send to a certain user, convenient and SP operator logarithm , etc.

According to project I've done, we're all on the database .

Last year project needs, learning memcached, found particularly useful, you put this stuff into memecached, how long you want to expire to set the expiration time, easy to fix your current confusion

I just saw someone upstairs saying that with Redis, that's okay. Key-value pairs are stored in memory and can also share data with other applications

