Need application to remember the verification code

Hello,

My application sends a verification code to user after he logs in.  I need my application to remember this code for 30 days.   I cannot use session variables for remembering the verification code since I need the application to timeout after 30 min.  Is there any other way for my application to remember the verification code for 30days and reset it after 30 days?

Thanks
perlwhiteAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Paul JacksonSoftware EngineerCommented:
The only way I can see you doing this is by storing it in the database with a timestamp and probably a userid and then have a sql job that runs daily and deletes any verification codes that have expired that day or the day before.
0
AndyAinscowFreelance programmer / ConsultantCommented:
You could store it in the registry along with a timestamp.  Then when your app starts you read them and check them for validity.
0
Paul JacksonSoftware EngineerCommented:
Using the registry for an ASP.net app to store user information is not recommended as the information will  be stored on the server not the client machine.
0
Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

käµfm³d 👽Commented:
@jacko72
The only way I can see you doing this is by storing it in the database...
What about cookies?
0
Paul JacksonSoftware EngineerCommented:
@kaufmed

Good point although that does depend on the users browsers not being locked down to prevent cookies, which is the problem I've had in the past so it depends on the environment but cookies would be the less hassle approach.
0
AndyAinscowFreelance programmer / ConsultantCommented:
As the question is also in the C# area (as well as ASP.net) and refers to an app it isn't clear where the app is running.  If on the client machine then the registry is suitable.
0
Paul JacksonSoftware EngineerCommented:
@AndyAinscow

But the question does refer to session variables which suggests an ASP.net application
0
perlwhiteAuthor Commented:
Thanks all for replying.  My application will run on client machines.  I like taking the cookies approach since it is faster to develop.  However, how would I check if they are 30 days old  or not.  I remember somewhere reading something like cookies.addvalues(x) to clear out the cookies after x minutes but cannot find it anymore!

That also means that I have to remember login name in cookies.  Please correct me if I am wrong,
0
Paul JacksonSoftware EngineerCommented:
Good guide to cookies in the link below, you can set the cookie to expire when you save it to the client machine. You can also save a cookie on a user basis by using the username in the cookie name.

http://msdn.microsoft.com/en-us/library/aa289495(v=vs.71).aspx
0
AndyAinscowFreelance programmer / ConsultantCommented:
@jacko72 - have you never encountered a question where a technical term is being used mistakenly or incorrectly?  I have, numbers of times.  Also see the most recent comment made by the asker of this question:

>>My application will run on client machines

In that case you can use the registry to store information.  As previously mentioned cookies might be disabled.  The registry will always be available, it is independent of the browser settings.  The logic would be the same as if you went for a cookie approach.  The code is trivial.
0
käµfm³d 👽Commented:
@AndyAinscow

I think you are confusing web apps and Forms/Console apps. Generally speaking, the term "cookies" is a web-related term. It could certainly be done in a Forms or Console app--after all, a cookie is just a text file that the browser stores--but that would seem a bit odd--at least if you were to call it a "cookie". Web pages do not have access to write to the registry, as a security precaution. If the web site were being hosted on the local machine's IIS, then you could have the app write to the registry (assuming the user the site is running has is granted the appropriate permissions), but even then that seems a bit overkill.

I think what the author is saying is that he has a website (web page) that will be hosted on the server and which will be displayed on the client's machine, like any web page would be.

Just my thoughts  = )
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
C#

From novice to tech pro — start learning today.