Where does PHP usually store the verification code after it is sent?

In the use of the mailbox for registration verification, password retrieval, the user's mailbox will be sent a verification code, and then through the user's mailbox verification code to the PHP back-end sent after the verification code to save the registration status certification, password retrieval and other functions. The question is, where is the verification code sent by PHP to the user's mailbox? Is the MySQL database, the Redis database, the session, or the other way.

Reply content:

In the use of the mailbox for registration verification, password retrieval, the user's mailbox will be sent a verification code, and then through the user's mailbox verification code to the PHP back-end sent after the verification code to save the registration status certification, password retrieval and other functions. The question is, where is the verification code sent by PHP to the user's mailbox? Is the MySQL database, the Redis database, the session, or the other way.

After sending the verification code, allowing the user to do the next step on another page, it may be another session, so it is not appropriate to save it in the same session.

After sending the verification code, it also allows the user to have a certain operating time limit, such as valid for 24 hours. It is necessary to ensure that users enter the same verification code within 24 hours, must be able to use. In general, Redis is just as a buffer database, not persisted, reboot will result in the loss of saved data, a large number of buffered data may overwrite the old data, the availability of the verification code is not guaranteed.

Therefore, it is more prudent to keep the database in a persistent language. Mysql is possible, of course, Redis can also be persistent

Save the database, set a Time field to determine whether it expires.

Suggest or save the database inside/daze Well design Show your talent Time is up

MySQL database. Because you may be in effect within 24 hours. PHP programmer, Rechesson's personal blog

Generally exist in the database, when the code is sent to write to the database, and cron task (cloud monitoring also line, the time to clean up expired verification code), user verification operation after the update field values (such as change the password, update set Validate=false ...) or delete this line directly),

does not recommend the existence session, because changes the browser or closes the browser to be invalid, the experience is very poor (my small station is to use this way, sometimes the verification code sends the slow point direct invalid, needs to set up the session life cycle php.ini, certainly also can set the cache, does not recommend not recommended)
A small station with MySQL.

Need to see what your CAPTCHA is authorized to do, if the operation is more sensitive, from security considerations, it is recommended to place the session in order to ensure that the operator and the verification code input is the same person.

This problem, according to your application scenario needs to start, generally recover password sent verification code, verification code will have expired time, such as 10-15 minutes verification code failure, not always effective, so that the safety factor will be reduced. Therefore, the general use of cookies memcache Redis to do storage is possible, if you need long-term non-expiring, the use of MySQL to store, but this method is not recommended

NoSQL and database All right, we register and retrieve password of SMS verification code by key value pair form Memcache, valid value is half an hour, time over automatic failure

This verification code is usually the cache of the cache type, you can configure the file memcache to the end of the verification code will be set an expiration time expires after the cache system will automatically delete ...

The simplest is that there is a session but multi-server scenarios involving session sharing this time you can choose the Redis memcache such nosql can also choose MySQL recommended using NoSQL normal memory is faster than disk You can also directly modify the configuration of the php.ini to change the session driver to Redis

Scenario 1: Put the memory directly in map form, key is the user's unique indicator, and periodically clears the expired verification code.
Scenario 2:redis, data persistence and expiration are not handled by themselves, and rely on Redis.

