Hi, i have a few questions in relation to account activation, which i hope someone can help me with:
01 - when a user creates an account, should we limit the time in which they can activate the account using the link in their email
02 - if so, how should we handle the link if the token no longer appears in the database
03 - is there anything i need to look out for in terms a user misusing the link below
Thanks in advance for your help
When I've done something along those lines, I include both the token used in the link and the timestamp when it was generated/sent as 2 fields in the relevant db table. Then if a request comes in with a token, I only process it if (a) the token is found in the DB and (b) the current date/time is no more than the stored timestamp + whatever max interval you choose.
"Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
~ Terry Pratchett in Nation
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)