A common function is to forget the password. By entering the previously registered email, we send a link to the user's email to reset the password. Username + random string + expiration time, and then use md5 encryption. Is this design feasible? If the user does not click the link, how do I clear expired identifiers?
Reply content:
Entire Process:
- Each user is required to use a unique email address during registration. After registration, an email is sent to the user's email address.
- You are required to enter the email address when retrieving the password. If you do not remember the address, search for it in your mailbox.
- The password retrieval function is limited to three times per account per day (only three emails can be sent). The cache is used to complete this count.
- Write a random string as the Token to the cache when you retrieve the password. The validity period is one day. Send a link containing the Token to your mailbox.
- The user returns from the link to verify the validity of the Token, then prompts to fill in the new password, and then submits the new password and Token together to the backend to complete the password modification operation.
- Delete the Token from the cache.
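
The flow in the reply above, as an added sketch that is not part of the original answer: the cache's expiry is what clears tokens that are never clicked, and deleting the token after use makes it single-use. `TTLCache`, `request_reset`, `reset_password`, the key prefixes and the PBKDF2 password storage are assumptions made for illustration; the in-memory cache stands in for Redis or memcached.

```python
import hashlib
import os
import secrets
import time

TOKEN_TTL = 24 * 3600   # token validity from the reply: one day
DAILY_LIMIT = 3         # reset e-mails per account per day


class TTLCache:
    """In-memory stand-in (assumption) for a cache with per-key expiry."""

    def __init__(self, clock=time.time):
        self.clock, self.data = clock, {}

    def get(self, key):
        value, expires = self.data.get(key, (None, 0))
        if expires <= self.clock():
            self.data.pop(key, None)    # expired entries are dropped, never honoured
            return None
        return value

    def set(self, key, value, ttl):
        self.data[key] = (value, self.clock() + ttl)

    def delete(self, key):
        self.data.pop(key, None)


def request_reset(cache, users, email):
    """Return a token to put in the mailed link, or None if refused."""
    if email not in users:
        return None                     # caller shows the same page either way
    count = cache.get("count:" + email) or 0
    if count >= DAILY_LIMIT:
        return None
    cache.set("count:" + email, count + 1, 24 * 3600)
    token = secrets.token_urlsafe(32)   # 256 random bits from the OS CSPRNG
    cache.set("reset:" + token, email, TOKEN_TTL)
    return token


def reset_password(cache, users, token, new_password):
    """Verify the token, store the new password hash, then delete the token."""
    email = cache.get("reset:" + token)
    if email is None:
        return False                    # unknown, expired or already used
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", new_password.encode(), salt, 600_000)
    users[email] = (salt, digest)
    cache.delete("reset:" + token)      # single use
    return True
```

Because the token is an opaque random value looked up server-side, nothing about the user or the expiry time has to be encoded or hashed into the link itself.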