Where are the verification codes sent by php stored?

When you use an email address for registration verification and password retrieval, the system sends a verification code to the user's email address, and then compares the verification code in the user's email address to the Verification code saved by the php backend for registration status authentication, password retrieval and other functions. The verification code sent by php to the user's mailbox is saved in... when you use an email address for registration verification and password retrieval, the system sends a verification code to the user's email address, and then compares the verification code in the user's email address to the Verification code saved by the php backend for registration status authentication, password retrieval and other functions. I want to ask where is the verification code sent by php to the user's mailbox saved? Is it mysql database, redis database, session or other methods.

Reply content:

When you use an email address for registration verification and password retrieval, the system sends a verification code to the user's email address, and then compares the verification code in the user's email address to the Verification code saved by the php backend for registration status authentication, password retrieval and other functions. I want to ask where is the verification code sent by php to the user's mailbox saved? Is it mysql database, redis database, session or other methods.

After the verification code is sent, you can perform the next operation on another page, which may be another session. Therefore, it is not appropriate to store the verification code in the same session.

After the verification code is sent, users are allowed to have a certain operation time limit, for example, within 24 hours. You must enter the same verification code within 24 hours. Generally, redis serves as a buffer database without persistence. Restarting redis will lead to loss of stored data. A large amount of buffered data may also overwrite old data, and the availability of the verification code is not guaranteed.

Therefore, it is safer to store the data in a database that can persist words. Mysql works, and Redis can also be persistent.

Just save the database, and set a time field to determine whether it has expired

It is recommended that you save the database/stay in a daze and design your talents well. It's time to show your talents.

Mysql database. Because you may be valid within 24 hours. PHP programmer, Lei xuesong's personal blog

Generally, databases exist, and the database is written when the verification code is sent, and cron tasks (cloudmonitor can also clear the expired verification code at the specified time ), after user verification, update the field value (for example, after changing the password, update set validate = false... or directly delete this line ),

We do not recommend that you have a session because it is ineffective if you change the browser or close the browser. The experience is very poor (this method is used in my small website. Sometimes, when the verification code is sent slowly, it is invalid directly. You need to set php. ini changes the session lifecycle to a higher value. Of course, you can also set the cache. This is not recommended)
The station uses MySQL.

It depends on the operation authorized by the Verification Code. If the operation is sensitive, we recommend that you put it in the Session to ensure that the operator and the verification code are the same person.

This problem depends on your application scenario. Generally, you can retrieve the verification code sent by the password and the verification code will expire. For example, the verification code will expire in 10-15 minutes instead of being valid all the time, this reduces the security factor. Therefore, it is okay to use cookie memcache redis for storage. If you do not need to expire for a long time, you can use mysql for storage. However, this method is not recommended.

Nosql and databases are all right. The text message verification code for registering and retrieving passwords is saved to memcache through key-value pairs. The valid value is half an hour, and it will automatically expire after a while.

This verification code is generally the cache type stored in the cache. You can configure file memcache as needed. Finally, the verification code will set an expiration time and the cache system will automatically delete it...

The simplest thing is that session sharing is involved when multiple servers exist in the session. At this time, you can choose nosql such as redis memcache or mysql to recommend using nosql. In normal cases, the memory is faster than the disk. php can be directly modified. the ini configuration changes the session driver to redis.

Solution 1: the memory is directly stored as a Map. The key is the unique identifier of the user, and the expired verification code is regularly cleared.
Solution 2: Redis, data persistence and expiration do not need to be processed by itself, rely on redis.