How can I track a user for which an OTP is entered?
Question
I am making a registration system in php, where after all the details are provided for registration, a request is sent to the backend, which then generates an OTP and sends a response to the client's phone, now when the OTP is entered and submitted, how does the backend recognize that the provided OTP is for which user?
I specifically DON't want to create session and send a token with the OTP request, which the client can again send back with OTP to verify which user. I don't want to have sessions for users who are not validated yet.
I was thinking of sending a cookie to the front end with the id of the newly created user, I am using ZendFramework, and I was setting the cookie to the response as: $this->getResponse()->setRawHeader($cookie); where $cookie is a single cookie, but somehow it's not showing in POSTMAN cookies, even though I have enabled the interceptor. And then I'm not sure, whether this is a right way to do it.
What would be the right way to do this?
1 answers
solution1
0 2016-11-22 13:46:11
您既可以将唯一的OTP保留在db中,也可以将其状态保留为“已激活”,因此,一旦用户输入该OPT,就可以与db中的该OTP进行比较。如果匹配,则可以更改“用户已激活”的状态。
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.