I want to force someone to change their password after 60 days. I'm going to write how I was planning on doing it and see if you experts have any recommendations for me.
So I'm going to use Date or Date time - that doesn't matter how I generate 60 days.
I want to render the user incapable of performing any tasks until they change their password.
Here's how I was going to do it
-Do not set a cookie
-load a change password page with a hidden input that had their username
-set some form of access control
Is this stupid? Should I use a cookie?