Reset Forgotten Password

This is the pseudo-code for scripting a forgotten password routine in your web software.

* User selects the forgot password option
* User enters email address, optionally along with a visual image confirmation code
* Find that email address in your database and verify it exists
* Generate a unique ID (token) and send it in a confirmation email message to the end user
* In addition, save this unique ID (token) in a database along with a TTL (Time to Live) value.
* When the end user opens his/her email and clicks on the confirmation link
* Retrieve the unique ID (token) from the confirmation URL
* Check that it exists in the table created above and verify that the TTL has not expired.
* If all is okay, allow the user to reset the password by entering a new password.
* Alternatively, a new randomly generated password is sent to that user's email account.
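
The token steps above as a runnable sketch. This is an added example, not code from the original post. The table names, the 15-minute TTL, storing only a SHA-256 digest of the token, and deleting the token on first use are assumptions; the caller is assumed to send the email and to pass in an already hashed new password.

```python
import hashlib
import secrets
import sqlite3
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed value; the post does not specify a TTL

def open_db():
    """In-memory database with one constructed sample user."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, password_hash TEXT)")
    db.execute("CREATE TABLE reset_tokens "
               "(token_hash TEXT PRIMARY KEY, email TEXT, expires_at REAL)")
    db.execute("INSERT INTO users VALUES ('alice@example.com', 'old-hash')")
    return db

def _digest(token):
    # Only the digest is stored, so a read of the table does not yield usable links.
    return hashlib.sha256(token.encode()).hexdigest()

def request_reset(db, email, now=None):
    """Look up the address, generate a token, save it with its expiry time."""
    now = time.time() if now is None else now
    if db.execute("SELECT 1 FROM users WHERE email = ?", (email,)).fetchone() is None:
        return None
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    db.execute("INSERT INTO reset_tokens VALUES (?, ?, ?)",
               (_digest(token), email, now + TOKEN_TTL_SECONDS))
    return token  # the caller puts this value in the confirmation URL

def redeem_token(db, token, new_password_hash, now=None):
    """Check the token from the URL, enforce the TTL, then set the new password."""
    now = time.time() if now is None else now
    digest = _digest(token)
    row = db.execute("SELECT email, expires_at FROM reset_tokens "
                     "WHERE token_hash = ?", (digest,)).fetchone()
    if row is None:
        return False
    email, expires_at = row
    # Single use: the row is removed whether or not the token is still valid.
    db.execute("DELETE FROM reset_tokens WHERE token_hash = ?", (digest,))
    if now > expires_at:
        return False
    db.execute("UPDATE users SET password_hash = ? WHERE email = ?",
               (new_password_hash, email))
    return True
```
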

