Victor Engmark wrote:
> Davi Leal wrote:
> I'd still argue that the "lost password" page is the least useful place the
> user can be after submitting a request. Since we don't have a separate
> loginpage, the front page is probably the most useful at that moment.
We can not redirect because the "lost password" page, after processing the
user request, shows the "You will ..." message to the user.
The user have to stay at that page to be able to read that message.
As I pointed out before, we could show the message at the front page. I've seen other sites which do this sort of thing.
> > OK, now I agree with you. So we will have to add a new field at the
> > E1_Entities table to save the last lost-password time stamp, for example:
> >
> > E1_AbuseLastTime
> >
> > We could use that field to, to combat abuse at the login box. Do you
> > agree? Do you have a better field name?
>
> Why "E1_"? Anyway, I'd call it LastPasswordRetrieval or just
> PasswordRetrieval (less clear). Separates the information from the
> function(s), which could be several.
About the field name, I propose a new one:
E1_LastAbuseTime timestamp,
We will be able to use that field to both the "lost password" page and the
login pages. It can be used to register the last time an operation of
login or lost password has been requested for a user. What do you think?