whatsthehampton
Programmer
Hi all,
Passwords are hashed - on forgotten - users are asked to reset, they then get a link to the reset page with their UserID in the QueryString by email.
This works OK and they can reset their passwords but I would like to add another layer of protection to stop this link being reused.
I am thinking of appending another QueryString Value, one that is inserted into the database and after being used is changed so that it cannot be reused.
Just wondered what the best practices are here please?
Cheers,
jeff
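The single-use value described in the post above, as an added example that is not part of the original post: a random token is stored hashed with an expiry and burned on first use, and the user is looked up from the token rather than from the UserID parameter. Python with sqlite3 is an assumption (the post names no stack), as are the table, the function names and the one-hour lifetime.

```python
import hashlib
import secrets
import sqlite3
import time

TOKEN_TTL = 3600  # seconds; assumed lifetime, the post does not give one

def open_store():
    # In-memory table standing in for the site's database (hypothetical schema).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE reset_tokens (token_hash TEXT PRIMARY KEY, "
               "user_id INTEGER NOT NULL, expires_at REAL NOT NULL, "
               "used INTEGER NOT NULL DEFAULT 0)")
    return db

def _digest(token):
    # Only the hash is stored, so a database leak does not expose live links.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()

def issue_token(db, user_id, now=None):
    """Return a fresh random value for the e-mailed link; older links are retired."""
    now = time.time() if now is None else now
    db.execute("UPDATE reset_tokens SET used = 1 WHERE user_id = ? AND used = 0",
               (user_id,))
    token = secrets.token_urlsafe(32)
    db.execute("INSERT INTO reset_tokens (token_hash, user_id, expires_at) "
               "VALUES (?, ?, ?)", (_digest(token), user_id, now + TOKEN_TTL))
    db.commit()
    return token

def redeem_token(db, token, now=None):
    """Return the user_id exactly once; None if unknown, expired or already used."""
    now = time.time() if now is None else now
    digest = _digest(token)
    # One conditional UPDATE both checks and burns the token, so two
    # concurrent requests with the same link cannot both succeed.
    cur = db.execute("UPDATE reset_tokens SET used = 1 WHERE token_hash = ? "
                     "AND used = 0 AND expires_at > ?", (digest, now))
    db.commit()
    if cur.rowcount != 1:
        return None
    row = db.execute("SELECT user_id FROM reset_tokens WHERE token_hash = ?",
                     (digest,)).fetchone()
    return row[0]
```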