in reply to Expiring password after a time limit has elapsed
I would suggest that an alternative is to store that information on the CLIENT.
Subject to security requirements, cookie availability, and limitations of code complexity, I think the easiest would be to store the expiry timestamp as a cookie on the client. Encrypt this with MD5 or more complex, if necessary. If the cookie you receive has expired, does not exist, or is invalid, you have detected an expired/invalid password situation, with very minimal server overhead for checking.
"As you get older three things happen. The first is your memory goes, and I can't remember the other two... " - Sir Norman Wisdom
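Added example, not part of the original post: a sketch of the client-side expiry cookie suggested above, with the timestamp made tamper-evident by a keyed HMAC-SHA256 (swapped in here for the MD5 mentioned in the post) and a check that distinguishes the missing, invalid and expired cases. The cookie layout, function names and key are assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Constructed demo key (assumption); a real one is a random server-side secret
# that is never sent to the client.
SECRET_KEY = b"constructed-demo-key-not-for-production"


def _mac(payload: str, key: bytes) -> str:
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()


def make_expiry_cookie(user: str, expires_at: int, key: bytes = SECRET_KEY) -> str:
    """Build the hypothetical cookie value 'user|expires_at|hex_mac'."""
    if "|" in user:
        raise ValueError("user name must not contain the field separator")
    payload = f"{user}|{int(expires_at)}"
    return f"{payload}|{_mac(payload, key)}"


def check_expiry_cookie(cookie, user, now=None, key: bytes = SECRET_KEY) -> str:
    """Classify a received cookie as 'ok', 'missing', 'invalid' or 'expired'."""
    if not cookie:
        return "missing"
    parts = cookie.split("|")
    if len(parts) != 3:
        return "invalid"
    c_user, c_expiry, c_mac = parts
    expected = _mac(f"{c_user}|{c_expiry}", key)
    # Verify the MAC (constant-time, on bytes) before trusting any field.
    if not hmac.compare_digest(expected.encode(), c_mac.encode()):
        return "invalid"
    if c_user != user:
        return "invalid"  # genuine cookie, but issued for another account
    try:
        expiry = int(c_expiry)
    except ValueError:
        return "invalid"
    now = int(time.time()) if now is None else now
    return "expired" if now >= expiry else "ok"


if __name__ == "__main__":
    cookie = make_expiry_cookie("alice", int(time.time()) + 90 * 86400)
    print(cookie, check_expiry_cookie(cookie, "alice"))
```

The server cannot revoke such a cookie before its timestamp, so forcing an earlier expiry still needs server-side state.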