0

I am making an website that has register and login functionality which works fine. However, I want to add confirmation code process after the registration process.

I can create a random confirmation code in frontend(Angular) side and send it with SMTP protocol to user email account and user should enter this confirmation code in 2 minutes. However when I think more, it can cause a conflict(very slight possibility but not impossible) like it can be generated same confirmation code in 2 minutes.

So, now I decided to generate confirmation code in backend side(Spring Boot) and make the confirmation checking in backend side. So, in backend side I should check the generated confirmation code is generated already in 2 minutes.

Thus, I can use a dynamic list that has active confirmation codes and search the generated confirmation code in the list. If the code exist in the list, then create another one until the list doesn't have.

How can I create a dynamic global list that can be visible among all different request in Spring Boot? Or there is another way(best practice) for this confirmation process?

javac
  • 441
  • 4
  • 20
  • Just create a UUID as the token, put it in DB, with a max time. Don't try to reuse tokens etc. that is going to be too complex. – M. Deinum Jun 01 '20 at 11:43
  • @M.Deinum However, when should delete expired confirmation codes? And why store in the db this kind of temporal data? And it will take up a lot space if I don't delete them regulary. – javac Jun 01 '20 at 11:58
  • Give it a timestamp of expire, have a job removing all expired keys every 30 minutes or so. What if you store them in-memory and your application goes down, how should one then submit its confirmation? What if you have 10 instances of your application, how do you sync the tokens between them? Just generate and store them in a datastorage is the easiest solution. – M. Deinum Jun 01 '20 at 12:15

0 Answers0