Hi, I have a few questions in relation to account activation, which I hope someone can help me with:
01 - When a user creates an account, should we limit the time in which they can activate the account using the link in their email?
02 - If so, how should we handle the link if the token no longer appears in the database?
03 - Is there anything I need to look out for in terms of a user misusing the link below?
Thanks in advance for your help.
When I've done something along those lines, I include both the token used in the link and the timestamp when it was generated/sent as 2 fields in the relevant db table. Then if a request comes in with a token, I only process it if (a) the token is found in the DB and (b) the current date/time is no more than the stored timestamp + whatever max interval you choose.
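The check described in the answer above, as an added example that is not code from either poster. The table and function names, the 24-hour window, storing only a SHA-256 hash of the token, and deleting the row on first use are assumptions of this sketch that go beyond what the answer states.

```python
import hashlib
import secrets
import sqlite3
import time

MAX_AGE_SECONDS = 24 * 3600  # assumed activation window; choose your own


def open_db():
    """In-memory database with the two columns the answer describes (token + timestamp)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, active INTEGER DEFAULT 0)")
    db.execute("CREATE TABLE activation (token_hash TEXT PRIMARY KEY, user_id INTEGER, sent_at REAL)")
    return db


def _digest(token):
    # Assumption: store a hash, so a leaked table does not yield usable links.
    return hashlib.sha256(token.encode()).hexdigest()


def issue_token(db, user_id, now=None):
    """Store hash + send time; return the raw token to embed in the emailed link."""
    token = secrets.token_urlsafe(32)  # unguessable, URL-safe
    sent_at = time.time() if now is None else now
    db.execute("INSERT INTO activation VALUES (?, ?, ?)", (_digest(token), user_id, sent_at))
    return token


def activate(db, token, now=None):
    """True only if (a) the token is in the DB and (b) now <= sent_at + max interval."""
    now = time.time() if now is None else now
    # Parameterised query: the token comes straight from the URL and is untrusted.
    row = db.execute("SELECT user_id, sent_at FROM activation WHERE token_hash = ?",
                     (_digest(token),)).fetchone()
    if row is None:
        return False  # (a) unknown, or already consumed
    user_id, sent_at = row
    # Assumption: single use, so the row is removed whether or not it expired.
    db.execute("DELETE FROM activation WHERE token_hash = ?", (_digest(token),))
    if now > sent_at + MAX_AGE_SECONDS:
        return False  # (b) outside the allowed window
    db.execute("UPDATE users SET active = 1 WHERE id = ?", (user_id,))
    return True
```

Unknown and expired tokens return the same result here, so the response does not reveal which of the two checks failed.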