This should be fairly simple. I know how I can do it but I would like to have some ideas on how you can do it since I think that there should be many other ways to do it. When you sign up for an account on a website, you have to go to your email and go to a link in order to activate your account. How do you know that the user went to the link in order to activate their account?
Asked
Active
Viewed 51 times
2 Answers
1
Look at any implementation of this scheme. You would see some unique string that is generated when sending this email to you. It is passed back to the website when you click the link -- that's how it is recognized.
It is generally assumed that nobody else could know this unique string, so the visitor who opens this link is assumed to be the one who provided the email and, consequently, who has access to it.
spacediver
- 1,483
- 1
- 11
- 18
1
When the account is created a conformation token is generated, stored in the database and emailed to the user (as part of that link).
When the link is visited, that token is used to find the matching row in the database and use it to make the account as active.
Quentin
- 914,110
- 126
- 1,211
- 1,335