www.webdeveloper.com
+ Reply to Thread
Results 1 to 2 of 2

Hybrid View

  1. 11-13-2012 11:41 AM #1
    oo7ml
    oo7ml is offline Registered User
    Join Date
    Jul 2006
    Posts
    651

    Account Activation

    Hi, i have a few questions in relation to account activation, which i hope someone can help me with:

    01 - when a user creates an account, should we limit the time in which they can activate the account using the link in their email

    02 - if so, how should we handle the link if the token no longer appears in the database

    03 - is there anything i need to look out for in terms a user misusing the link below

    http://www.website.com/activate-acco...f17a30a67d9ea4

    Thanks in advance for your help
    Reply With Quote Reply With Quote
  2. 11-13-2012 02:10 PM #2
    NogDog's Avatar
    NogDog
    NogDog is offline Moderator, take two
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    18,049
    When I've done something along those lines, I include both the token used in the link and the timestamp when it was generated/sent as 2 fields in the relevant db table. Then if a request comes in with a token, I only process it if (a) the token is found in the DB and (b) the current date/time is no more than the stored timestamp + whatever max interval you choose.
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

     

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

Forum Rules

 HTML5 Development Center



Recent Articles