1

Basically when a user wishes to recover their password, I generate a hash and store it in a MySQL Database. I do not want this hash to exist forever though, but to be removed from the database after say 5 minutes.

Does anyone know how to do this?

Also if anyone has any ideas about implementing password recovery in a different way I would love to hear.

Thanks in advance, Tom.

2 Answers

5

Next to the hash, store a date with it. Whenever that date is in the past, the recovery key doesn't work anymore.

No need to actually delete the key then.

edit based on comments:

You should run a cronjob every now and then. For example once a day, to delete the keys not used, and already expired.


6 Comments

Sure there is, database maintenance is also important. He should still have a cron job or something to remove all keys which are past the current date every night.
And if you do want to delete the key, you can just run a query every few minutes that deletes keys which have passed their expiration date.
If you take this approach you also would be able to track how often someone tries to recover a password (depending on the data structure), which might help you identify attacks on your application / track down where intrusions have occurred.
If you would be so kind to actually approve the answer :)
Approved now, had to wait 10 minutes to accept. Thanks for the info about cron.
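
The approach from the answer and comments above (an expiry date stored next to the key, checked on use, plus a periodic delete), as an added example that is not part of the original thread. It assumes an in-memory SQLite table standing in for MySQL and a caller-supplied `now` in Unix seconds; the table, column and function names are hypothetical, and storing only a SHA-256 digest of the key and deleting it on first use go beyond what the answer states.

```python
import hashlib
import secrets
import sqlite3

TTL_SECONDS = 5 * 60  # five-minute lifetime from the question

def open_db():
    # Assumption: in-memory SQLite stands in for the MySQL table.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE recovery_keys (key_hash TEXT PRIMARY KEY,"
        " user_id INTEGER NOT NULL, expires_at INTEGER NOT NULL)"
    )
    return conn

def _digest(key):
    # Store a digest so a leaked table does not expose usable keys.
    return hashlib.sha256(key.encode("utf-8")).hexdigest()

def issue_key(conn, user_id, now):
    """Create a key, store its digest and expiry, return the key to mail out."""
    key = secrets.token_urlsafe(32)
    conn.execute(
        "INSERT INTO recovery_keys VALUES (?, ?, ?)",
        (_digest(key), user_id, now + TTL_SECONDS),
    )
    conn.commit()
    return key

def redeem_key(conn, key, now):
    """Return the user id for an unexpired key, else None."""
    row = conn.execute(
        "SELECT user_id FROM recovery_keys"
        " WHERE key_hash = ? AND expires_at > ?",
        (_digest(key), now),
    ).fetchone()
    if row is None:
        return None  # unknown or expired: same answer either way
    # Single use: consume the key so it cannot be replayed.
    conn.execute("DELETE FROM recovery_keys WHERE key_hash = ?", (_digest(key),))
    conn.commit()
    return row[0]

def purge_expired(conn, now):
    """The cron-job step: delete keys whose date is in the past."""
    cur = conn.execute("DELETE FROM recovery_keys WHERE expires_at <= ?", (now,))
    conn.commit()
    return cur.rowcount
```

Because `redeem_key` filters on `expires_at` itself, an expired key is rejected even if the scheduled `purge_expired` run has not happened yet.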
1

Your best bet would be to install the APC cache (which has many other benefits) and simply set the key-value pair to expire in the desired amount of time.

1 Comment

Hi, thanks for the answer. I was looking at APC and it's probably something I'm going to add to the system in the future, just looking for a quick fix atm :)
