Views for password invalidation
To use the password invalidation security feature, define the ChangePassword view for the store.
ChangePassword
This view is displayed if a user's password has expired or if the user has requested to change his or her password. It should provide the user with a form to enter the current (expired) password and a new password. The Submit button invokes the ResetPassword command. There should also be a Cancel button that redirects the user to another page, in most cases, the storefront page.
ChangePassword view attributes
- ECConstants.EC_PASSWORD_EXPIRED_FLAG
  - 1: The user's password has expired. This attribute is required in order to distinguish this case from the case of a user-requested password change. The JSP page should look for this attribute in order to decide what to display.
  - null: The user has requested to change his or her password.
- ECUserConstants.EC_UREG_LOGONID
  - The current user logon ID.
- ECConstants.EC_LOGIN_RETURN_URL
  - The URL to which the browser is redirected after a successful password change. This URL will be passed to an action command under the name ECConstants.EC_URL.
ChangePassword form attributes
- ECUserConstants.EC_UREG_LOGONID
  - The logon ID of the user. The current logon ID has been passed in to the view.
- ECUserConstants.EC_UREG_LOGONPASSWORDOLD
  - The old password.
- ECUserConstants.EC_UREG_LOGONPASSWORD
  - The new password.
- ECUserConstants.EC_UREG_LOGONPASSWORDVERIFY
  - The new password verification.
- ECConstants.EC_URL
  - The URL where users are redirected after a successful password change. The value has been passed in to the view.
- ECUserConstants.EC_RELOGIN_URL
  - The URL where the browser is redirected if the password change is not successful.
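A sketch of a ChangePassword JSP that follows the view and form attributes listed above; it is an added example, not code from the product documentation. It assumes the view attributes are available as request attributes keyed by the constants and that the constants live in the imported packages shown; the `esc` helper, the `ChangePassword` failure URL and the `/` Cancel target are hypothetical placeholders.

```jsp
<%@ page contentType="text/html; charset=UTF-8" %>
<%-- Assumption: package names of the two constants classes. --%>
<%@ page import="com.ibm.commerce.server.ECConstants" %>
<%@ page import="com.ibm.commerce.usermanagement.commands.ECUserConstants" %>
<%!
    // Hypothetical helper: HTML-escape values before echoing them into markup,
    // so a crafted logon ID or return URL cannot break out of an attribute.
    private static String esc(Object v) {
        if (v == null) return "";
        return v.toString().replace("&", "&amp;").replace("<", "&lt;")
                .replace(">", "&gt;").replace("\"", "&quot;").replace("'", "&#39;");
    }
%>
<%
    // Assumption: view attributes are exposed as request attributes.
    // Flag value 1 = password expired; null = user-requested change.
    Object flag = request.getAttribute(ECConstants.EC_PASSWORD_EXPIRED_FLAG);
    boolean expired = flag != null && "1".equals(flag.toString());
    String logonId = esc(request.getAttribute(ECUserConstants.EC_UREG_LOGONID));
    String returnUrl = esc(request.getAttribute(ECConstants.EC_LOGIN_RETURN_URL));
%>
<% if (expired) { %>
<p>Your password has expired. Enter your current password and choose a new one.</p>
<% } else { %>
<p>Change your password.</p>
<% } %>
<%-- Submit invokes the ResetPassword command; POST keeps passwords out of URLs and logs. --%>
<form method="post" action="ResetPassword" autocomplete="off">
  <input type="hidden" name="<%= ECUserConstants.EC_UREG_LOGONID %>" value="<%= logonId %>">
  <%-- EC_LOGIN_RETURN_URL is handed to the command under the name EC_URL. --%>
  <input type="hidden" name="<%= ECConstants.EC_URL %>" value="<%= returnUrl %>">
  <%-- Placeholder failure target: redisplay this view. --%>
  <input type="hidden" name="<%= ECUserConstants.EC_RELOGIN_URL %>" value="ChangePassword">
  <label>Current password
    <input type="password" name="<%= ECUserConstants.EC_UREG_LOGONPASSWORDOLD %>" required>
  </label>
  <label>New password
    <input type="password" name="<%= ECUserConstants.EC_UREG_LOGONPASSWORD %>" required>
  </label>
  <label>Verify new password
    <input type="password" name="<%= ECUserConstants.EC_UREG_LOGONPASSWORDVERIFY %>" required>
  </label>
  <button type="submit">Submit</button>
  <%-- Placeholder Cancel target: the storefront page. --%>
  <a href="/">Cancel</a>
</form>
```

Because the redirect URLs travel as hidden form fields, the browser can alter them, so the server side should accept only targets inside the store before redirecting.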