On Jun 28, 7:58 pm, "Adi J. Sieker" <[EMAIL PROTECTED]> wrote: > <[EMAIL PROTECTED]> wrote: > > That's absolutely ingenious - that approach gets my vote. I think I'll > > switch DjangoPeople over to that. > > and to have the token expire you could add the date of the following day > into the hash. > That way the token is valid for max 48 hours.
Aah, I see what you mean - so when you check the hash you'd check it using today's date, then if that fails check with tomorrow's date, then if that fails announce the hash to be invalid. Neat, although it isn't very flexible - if people want a policy that says the link will work for 6 hours you'd need a different mechanism entirely. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to django-developers@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~----------~----~----~----~------~----~------~--~---
