You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Wendy Smoak <We...@asu.edu> on 2003/11/10 19:18:53 UTC
OT RE: Inputs needed for Reset password
> From: mohan@physics.gmu.edu [mailto:mohan@physics.gmu.edu]
> We send him a http://blah.org/resetpwd.jsp?xdksdfksdfsdf URL with
> the key attached to the URL. The key expires in 24 hours. The
> user checks on this link in his email. We need to verify if the key is
> still valid and then allow him to change the password.
> I am not sure how to generate these random keys.
> Also let me know if there is an efficient way to check the
> time stamps for these keys.
Not really Struts related... It's fairly easy to generate random numbers
in Java, so you could take a random number and "convert" it into
letters. You could look at the Tomcat source code that generates the
jsessionid and use that. Not sure what you mean by checking the date
stamp... When you issue this key, you have to put it somewhere, which
could be a HashMap in Application scope, or in a database. Wherever you
put it, store the datestamp nearby and check it when you read the
record. If it's too old, throw an exception. Just off the top of my
head...
--
Wendy Smoak
Applications Systems Analyst, Sr.
Arizona State University, PA, IRM
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org
Re: OT RE: Inputs needed for Reset password
Posted by mo...@physics.gmu.edu.
Thank you Wendy thats about what i was thinking.
>> From: mohan@physics.gmu.edu [mailto:mohan@physics.gmu.edu]
>> We send him a http://blah.org/resetpwd.jsp?xdksdfksdfsdf URL with the
>> key attached to the URL. The key expires in 24 hours. The
>> user checks on this link in his email. We need to verify if the key is
>
>> still valid and then allow him to change the password.
>> I am not sure how to generate these random keys.
>> Also let me know if there is an efficient way to check the
>> time stamps for these keys.
>
> Not really Struts related... It's fairly easy to generate random numbers
> in Java, so you could take a random number and "convert" it into
> letters. You could look at the Tomcat source code that generates the
> jsessionid and use that. Not sure what you mean by checking the date
> stamp... When you issue this key, you have to put it somewhere, which
> could be a HashMap in Application scope, or in a database. Wherever you
> put it, store the datestamp nearby and check it when you read the
> record. If it's too old, throw an exception. Just off the top of my
> head...
>
> --
> Wendy Smoak
> Applications Systems Analyst, Sr.
> Arizona State University, PA, IRM
>
> --------------------------------------------------------------------- To
> unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org For
> additional commands, e-mail: struts-user-help@jakarta.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: struts-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: struts-user-help@jakarta.apache.org