0

I am trying to generate a reset password link for my web application and have thought of hashing timestamp+useremail+password with a secret string and then the hashed string would be unique for each user who wants to reset their password.

But the problem is that these hashed strings have the "/" character in them at times, and so if I use these strings, then the link won't work properly. How do I avoid this problem? Which hashing technique or what else should I use for generating my links?

Krash
  • 2,085
  • 3
  • 13
  • 36
  • Hash them and replace the `/` with another character? Or hash them and remove all occurences of `/`. Another option is to hash then encode in a URL safe Base64 – Nick is tired Mar 18 '17 at 11:35
  • If I do that,suppose replace "/" with "]", when I try to decode the link in server side, I won't know how many "]" were originally "/" and how many are part of the userEmail and hashed password. – Krash Mar 18 '17 at 11:37
  • 1
    how about the last option, convert to URL safe Base64, then you can convert it back later on. – Nick is tired Mar 18 '17 at 11:39
  • Great, thanks. I will try it. – Krash Mar 18 '17 at 11:43

0 Answers0