|
|
|
|
|
|
by rekabis
2352 days ago
|
|
|
Password reset involves a separate table to record user’s requests to reset, which also acts as an audit log of attempts (successful or not). As for eMail verification, you create and store a verification ID when the account gets made (I use a Guid), and it is this that the system dumps into the verification link that gets sent to the end user. Every time the username gets changed, that Guid also gets changed (along with the verified flag getting cleared) so another verification link can get sent out that is unique. Reusing a link is always bad, because you want to ensure the user goes after the most recent link. |
|
|