Basically when a user wishes to recover their password, I generate a hash and store it in a MySQL Database. I do not want this hash to exist forever though, but to be removed from the database after say 5 minutes.
Does anyone know how to do this?
Also if anyone has any ideas about implementing password reco开发者_运维百科very in a different way I would love to hear.
Thanks in advance, Tom.
Next to the hash, store a date with it. Whenever that date is in the past, the recovery key doesn't work anymore.
No need to actually delete the key then
edit based on comments:
You should run a cronjob every now and then. For example once a day, to delete the keys not used, and already expired.
Your best bet would be to install the APC cache (which has many other benefits) and simply set the key-value pair to expire in the desired amount of time.
精彩评论