File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes JSP and the fly likes password Reset link Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Soft Skills this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Java » JSP
Bookmark "password Reset link" Watch "password Reset link" New topic
Author

password Reset link

viral thakar
Greenhorn

Joined: Aug 16, 2013
Posts: 15
i m developing the web app into jsp/servlet where i need to forgot password reset link so, how i create password reset link for forgot password feature that is sent to registered user and expire that link with specific time of period also access only one time that link. please help me to solve this problem. thanks.
K. Tsang
Bartender

Joined: Sep 13, 2007
Posts: 2615
    
    9

viral thakar wrote:how i create password reset link for forgot password feature that is sent to registered user and expire that link with specific time of period also access only one time that link


Welcome to the Ranch.

OK let me try to understand your problem. You want a "forgot password" link send to user (eg email) then when the user clicks/accesses it the link cannot be used again?

The last part part (sending) is easy, once the link is generated, you can use JavaMail to send an email to the user.

The link generation is a bit tricky. You want one time access so the link should include the user's ID or key (from DB) + some unique key (eg timestamp, hashcode, random number). I'm thinking how can you "prevent" it to access it only once, assuming you generated link looks something like "http://www.domain.com/resetPassword.jsp?id=1234567890098754323456789".


K. Tsang JavaRanch SCJP5 SCJD/OCM-JD OCPJP7 OCPWCD5 OCPBCD5
Jeanne Boyarsky
author & internet detective
Marshal

Joined: May 26, 2003
Posts: 31057
    
232

K. Tsang wrote:I'm thinking how can you "prevent" it to access it only once, assuming you generated link looks something like "http://www.domain.com/resetPassword.jsp?id=1234567890098754323456789".

Keep track of which tokens have been used already in the database. A random number or timestamp is best for this token. User id would not be good because a user could want to reset passwords multiple times over days/weeks/etc.


[Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
Supun Lakshan Dissanayake
Ranch Hand

Joined: Oct 26, 2012
Posts: 133

i've an idea. But sometimes it may be a stupid one.
Add a column as col in user table. If someone requests reset password, then the value of col turn to true. When he resets the password (check col before reset), the value turn to false.
Hope you get the idea.


Are you better than me? Then please show me my mistakes..
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: password Reset link