Can anyone think of a better way to do this?
I have passwords hashed in the user table. When a user wants to reset
his or her password, they enter their registered e-mail address in the
text field submit it, and then are sent a reset-confirmation e-mail
containing a unique link that will reset their password and e-mail
their new, random password to them.
As it is now, I've set up an entirely new table for password reset
requests which contain the user id, creation date, and the unique hash
for resetting the password. But to some extent this seems wasteful
because after 24hrs the requests expire, and after the password is
reset, the request is removed from the table. So it's like I have this
table that seems necessary but never really grows and will probably
never have more than a few rows at a time. Is this a good thing?
Any other way I can approach this problem?