Open P0intMaN opened 2 years ago
Yes, a cronjob would be helpful. Or there is a workaround - once the user sets the new password, we can delete all the OTPs associated with that user at the same time.
once the user sets the new password, we can delete all the OTPs associated with that user at the same time.
Yes, this is a good idea too.
The Forgot Password functionality stores the OTP in an OTPModel DB. Its keeping a tab of all the OTPs generated. The concerns arise on the fact that its still has stored OTPs that are obsolete.
I noticed this happening on two occasions:
One workaround to this might be to flush the DB after every 15minutes or so. I think we may use cronjob to achieve this. I am open to discussions and any ideas to solve this problem.
Pinging @CYBERDEVILZ @ashutoshkrris @arayush841