Home/ Questions/Q 1099981
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-17T00:48:51+00:00

The flow is: user enters email address after submit, an email is sent to

  • 0

The flow is:

  1. user enters email address
  2. after submit, an email is sent to the user
  3. The email will include a link that will take the user to a reset password page.

Now, how do I fetch user’s ID based on the email address and encrypt it? Then what should link be? Like, what I want is fetch the User ID then encrypt it somehow so that the link doesn’t contain the actual ID and that link will take the user to a page that will have textboxes to reset the password. I am just confused how to go about it.

Also is this the secure way? To reset a password like this?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I usually create a new table in the database:

    PasswordresetRequest with the following fields:

    • Id: Guid – Id of password reset request.
    • Accountid: string – username of user
    • Created: DataTime – timestamp of when password reset were created

    Flow is as follows:

    1. User request password reset at web site.
    2. A new record is created in the PasswordresetRequest table.
    3. An email with a link to the password reset page with the password request id as request parameter is sent to the user.
    4. User click on link in email which send him to password reset page.
    5. Password request if fetched from database from request parameter. If request could be found or and request is not older than e.g. 12 hours a form is presented to user where he can enter a new password.

    This is pretty simple to implement and is secure enough for most sites.

    • 0