Fields for reseting password

Question

I am upgrading my reset password procedure of my webpage. What fields should i include in my SQL table?

After searching all over the web i decided to add these goodies

1. Guid
2. Expiration date of guid (i guess 3 days is fine)
3. Timestamp of the change password request
4. Ip address of the user

is there anything else that could be usefull?

Answer 1

Here are some suggestions :

• At first, why do you want an expiration date field? You know the request date and you know the duration in which the request will expire (3 days), you can calculate the expiration date easily without the need for a database-field.
• I think 3 days is a too long duration, the one used in most websites is 24 hours, which makes more sense, IMO.
• The request date should be a DateTime field, rather than a Timestamp, because that's not a duration of time, that's a specific point of time.