Currently, there is no logic implemented to delete expired OTPs automatically. Expired OTPs are only deleted when a new OTP is generated. Add a mechanism to handle automatic cleanup of expired OTPs.
Approach:
Whenever a request is made to generate a new OTP, first delete any expired OTPs.
If a valid (non-expired) OTP already exists for the user, do not allow generating a new one.
When a user attempts to validate an OTP, first remove any expired OTPs, then proceed to verify the provided OTP.
Currently, there is no logic implemented to delete expired OTPs automatically. Expired OTPs are only deleted when a new OTP is generated. Add a mechanism to handle automatic cleanup of expired OTPs.
Approach:
Whenever a request is made to generate a new OTP, first delete any expired OTPs.
If a valid (non-expired) OTP already exists for the user, do not allow generating a new one.
When a user attempts to validate an OTP, first remove any expired OTPs, then proceed to verify the provided OTP.