File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
Win a copy of Clojure in Action this week in the Clojure forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

password Reset link

 
viral thakar
Greenhorn
Posts: 15
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
i m developing the web app into jsp/servlet where i need to forgot password reset link so, how i create password reset link for forgot password feature that is sent to registered user and expire that link with specific time of period also access only one time that link. please help me to solve this problem. thanks.
 
K. Tsang
Bartender
Pie
Posts: 3223
12
Android Java
  • 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
viral thakar wrote:how i create password reset link for forgot password feature that is sent to registered user and expire that link with specific time of period also access only one time that link


Welcome to the Ranch.

OK let me try to understand your problem. You want a "forgot password" link send to user (eg email) then when the user clicks/accesses it the link cannot be used again?

The last part part (sending) is easy, once the link is generated, you can use JavaMail to send an email to the user.

The link generation is a bit tricky. You want one time access so the link should include the user's ID or key (from DB) + some unique key (eg timestamp, hashcode, random number). I'm thinking how can you "prevent" it to access it only once, assuming you generated link looks something like "http://www.domain.com/resetPassword.jsp?id=1234567890098754323456789".
 
Jeanne Boyarsky
author & internet detective
Marshal
Posts: 33697
316
Eclipse IDE Java VI Editor
  • 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
K. Tsang wrote:I'm thinking how can you "prevent" it to access it only once, assuming you generated link looks something like "http://www.domain.com/resetPassword.jsp?id=1234567890098754323456789".

Keep track of which tokens have been used already in the database. A random number or timestamp is best for this token. User id would not be good because a user could want to reset passwords multiple times over days/weeks/etc.
 
Supun Lakshan Dissanayake
Ranch Hand
Posts: 135
Android Java PHP
  • 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
i've an idea. But sometimes it may be a stupid one.
Add a column as col in user table. If someone requests reset password, then the value of col turn to true. When he resets the password (check col before reset), the value turn to false.
Hope you get the idea.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic