[Yanel-dev] Forgot password feature
Michael Wechner
michael.wechner at wyona.com
Thu Jul 23 20:45:24 CEST 2009
Dear Prabodh
I am currently testing the forgot password feature and have a couple of
questions:
IIUC if a successful request (email exists) was done, then for this user
a file will be created
data-repo/data/change-password-requests/USER_ID.xml (whereas the path
change-password-requests is configurable)
with the following content
<?xml version="1.0" encoding="UTF-8"?>
<user xmlns="http://www.wyona.org/yanel/1.0">
<email>michael.wechner at wyona.com</email>
<starttime>1248374094694</starttime>
<guid>f4c9fa73-b10a-4033-a31c-7d0339bd3937</guid>
</user>
How is <starttime> related to the expire date of this request?
What does <guid> stand for? I guess the content is the "reset password
request id", but if so, then why call it like that?
Why save the email instead the user id?
Re scalability, if we have one million users and many people forget
their passwords, do we have to parse all these files to find the correct
"reset password request id"?
Why not deleting this file after the password has been reset successfully?
All the best
Michael
More information about the Yanel-development
mailing list