I want to use a phone number as the login name for an application.
I am passing the phone number to my backend application using an API call to my application.
This validates the number in my backend application and if OK returns an SMS to the phone with a passcode that the user then enters in second box to validate their sign in.
I only have 1 page in my application called “main menu” that I want to be accessible only once they have validated their passcode.
How do I secure the main menu page so that it is only accessible when the passcode has been validated and can I set a timeout so it expires after say 15 minutes?
Help please 