Password invalidation

To use the password invalidation security feature, you need to define the ChangePassword view for your store.

ChangePassword

This view is displayed if a user's password has expired. It should provide the user with a form to enter the current (expired) password and a new password. The Submit button invokes the ResetPassword command. There should also be a Cancel button that redirects the user to another page, in most cases, the storefront page.

ChangePassword attributes

ECConstants.EC_PASSWORD_EXPIRED_FLAG
1
The user's password has expired. This attribute is required in order to distinguish this view from the view used for the password change feature as they are the same. The view for the password change could be invoked by a user, and the JSP assigned to this view should be the same for both cases. The JSP should look for this attribute in order to decide what to display.
null
The attribute is not on a URL . This is normal password change behavior
ECUserConstants.EC_UREG_LOGONID
The current user logon id.
ECConstants.EC_LOGIN_RETURN_URL
The URL to which the browser is redirected after a successful password change. This URL will be passed to an action command under the name ECConstants.EC_URL.

ChangePassword form attributes

ECUserConstants.EC_UREG_LOGONID
The logon ID of the user. The current logon ID has been passed in to the view.
ECUserConstants.EC_UREG_LOGONPASSWORDOLD
The old password.
ECUserConstants.EC_UREG_LOGONPASSWORD
The new password.
ECUserConstants.EC_UREG_LOGONPASSWORDVERIFY
The new password verification.
ECConstants.EC_URL
The URL where users are redirected after a successful password change. The value has been passed in to the view.
ECUserConstants.EC_RELOGIN_URL
The URL where the browser is redirected if the password change is not successful.

Feedback