Secure > Enhance site security > Enable password invalidation


Views for password invalidation

To use the password invalidation security feature, define the ChangePassword view for the store.


ChangePassword

This view is displayed if a user's password has expired or if the user has requested to change his or her password. It should provide the user with a form to enter the current (expired) password and a new password. The Submit button invokes the ResetPassword command. There should also be a Cancel button that redirects the user to another page, in most cases, the storefront page.

ChangePassword view attributes

ECConstants.EC_PASSWORD_EXPIRED_FLAG

1

The user's password has expired. This attribute is required in order to distinguish this case from the case of a user-requested password change. The JSP page should look for this attribute in order to decide what to display.

null

The user has requested to change his or her password.

ECUserConstants.EC_UREG_LOGONID

The current user logon ID.

ECConstants.EC_LOGIN_RETURN_URL

The URL to which the browser is redirected after a successful password change. This URL will be passed to an action command under the name ECConstants.EC_URL.

ChangePassword form attributes

ECUserConstants.EC_UREG_LOGONID

The logon ID of the user. The current logon ID has been passed in to the view.

ECUserConstants.EC_UREG_LOGONPASSWORDOLD

The old password.

ECUserConstants.EC_UREG_LOGONPASSWORD

The new password.

ECUserConstants.EC_UREG_LOGONPASSWORDVERIFY

The new password verification.

ECConstants.EC_URL

The URL where users are redirected after a successful password change. The value has been passed in to the view.

ECUserConstants.EC_RELOGIN_URL

The URL where the browser is redirected if the password change is not successful.


+

Search Tips   |   Advanced Search