Force User to Change Password When Logged in

Question

0.00/5 (No votes)

See more:

Hi guys,

I write a web site which it forces users to change their password after 3 months of last change. It detects it when user is logging in the website.But, if user never logs out how I can made this detection. Can you give me idea how I can do it withoutusing cron job?

Thanks & Regards

Posted 11-Jul-12 22:17pm

Çağlar Tolga Tetik

Add a Solution

Comments

Shemeer NS 12-Jul-12 5:16am

What's the session timeout for this application?...or how you keep your user logged in for 3 months or more than that, are you using any cookie?

2 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

pradiprenushe · Answer 1 · 2012-07-11T23:35:00

Solution 1

Add RegisteredDate Column in your login table.

SELECT CONVERT(VARCHAR(10),Datediff(ss,getdate(),RegisteredDate )/(60*60*24))

you will get no of day with this query.
Check it is greater than 90 if it is give message for password change.

Posted 11-Jul-12 23:35pm

pradiprenushe

Comments

Çağlar Tolga Tetik 12-Jul-12 10:26am

That is the way my system work.It makes the check after login event of the user. But, if not user log off, I cant make this check. Where can I do its check if users password is expired but he is not log off?

graciax8 · Answer 2 · 2012-07-11T23:35:00

Solution 2

if you have save this column of when they have last changed their password then you have no problem even if they haven't logged out.
You can attain this by:

1. querying the lastPasswordChangedDate;
2. and if it is more than X days since this password is changed, you should disable their account and redirect to change password page.

Posted 11-Jul-12 23:35pm

graciax8

Comments

Çağlar Tolga Tetik 12-Jul-12 10:27am

Ok but, where can I make the check of it?

graciax8 13-Jul-12 1:27am

on page load event so you can track that he is on the site.
And if it is more than 30 days since he changed the password, you'll redirect him to the change password page.

Hope this helps. Good luck!