OTP - delete passwords older than 60 seconds

Hi, I’ve implemented an OTP mechanism on my website, following Ido’s suggestions here - it basically uses a DB table to store the phone number and OTP, then verifies it against the OTP entered by the user, then deletes the relevant OTP entry.
Everything is working fine. The last thing I have left to do is to delete old OTPs which were not used / not verified.
I decided on a 60-second password lifespan.
I know I can use the AFTER INSERT hook and wait 60 seconds (using setTimeout) - then delete the entry - my concern is that it will block the backend from processing other requests done simultaneously (sort of a temporary deadlock). I’ve heard about easycron - but it seems kind of tedious to use an external service that will run every 10 seconds to look for passwords older than 60 seconds.

Appreciate any suggestions
Assaf

Add the requestedTime to the database (accurate to the second), and check whether it is valid on submit: requestedTime + 60secs > time now

Thanks for the response - but the issue I’m facing is a bit different - the user doesn’t submit the OTP back. Consider the following scenario:

  1. Let’s say a user is asking for OTP
  2. OTP is sent to client
  3. Client doesn’t use the OTP (moved to another page and forgot to get back, or simply asked for a new OTP since they couldn’t find the SMS)

As a result the client entry (OTP + phone number) remains in the DB with no process that will delete it. Using the Wix cron job is not an option since its smallest interval is one day and we are talking about 60 seconds of OTP validity.

I’ve tried using the setTimeout with the AfterInsert hook - it seems to be working well for one concurrent client - but I’m not sure it is the optimal solution for multiuser.

Great idea! Let’s see if someone has a better method! If I were you, I would also use the setTimeout with the AfterInsert hook…
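
The timestamp check suggested in the first reply, combined with deleting stale rows whenever any OTP request arrives, which also covers the abandoned-entry scenario raised afterwards. This is an added example, not code from the thread or from Wix: the `Map` stands in for the database collection, and the function names, sample phone numbers and codes are constructed for illustration.

```javascript
// Added example: an in-memory Map stands in for the OTP collection (assumption).
const OTP_TTL_MS = 60 * 1000; // 60-second lifespan chosen in the thread

// Remove every entry whose lifespan has passed; returns how many were deleted.
function purgeExpired(store, now) {
  let removed = 0;
  for (const [phone, entry] of store) {
    if (entry.requestedTime + OTP_TTL_MS <= now) {
      store.delete(phone);
      removed++;
    }
  }
  return removed;
}

// Called when a user asks for an OTP. Cleanup rides on this request,
// so no timer or external scheduler is needed. The code itself is passed in;
// generating it (with a CSPRNG) is outside the scope of this example.
function issueOtp(store, phone, code, now = Date.now()) {
  purgeExpired(store, now);
  // One live OTP per phone: a new request replaces the previous code.
  store.set(phone, { code, requestedTime: now });
}

// Called when a user submits an OTP. Expiry is decided by the stored
// timestamp, not by whether a cleanup pass has already run.
function verifyOtp(store, phone, submitted, now = Date.now()) {
  const entry = store.get(phone);
  if (!entry) return false;
  if (entry.requestedTime + OTP_TTL_MS <= now) {
    store.delete(phone); // stale: reject and delete
    return false;
  }
  if (entry.code !== submitted) return false;
  store.delete(phone); // single use: consume on success
  return true;
}

// Constructed sample run covering the three cases from the thread.
function demo() {
  const store = new Map();
  const t0 = 1_700_000_000_000;
  issueOtp(store, '+15550100', '482913', t0);          // never submitted
  issueOtp(store, '+15550101', '771204', t0 + 5_000);
  const inTime = verifyOtp(store, '+15550101', '771204', t0 + 30_000);
  issueOtp(store, '+15550102', '039551', t0 + 90_000); // sweeps +15550100
  const abandonedGone = !store.has('+15550100');
  const late = verifyOtp(store, '+15550102', '039551', t0 + 151_000);
  return { inTime, abandonedGone, late, remaining: store.size };
}
```

Because validity is decided at verification time, an abandoned row that has not yet been swept can never be accepted; the purge only keeps the table small.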