-1

This is probably a extremely uncommon case, but:

What would happen if user A registers an account in a website with an email that doesn't belong to him and uses it without confirming it (as many websites now allow you, at least in a limited way) and then some other person, user B, tries to register an account with the same email which he actually owns?

Would a message "that email is already associated with an existing account" show, would it let both user A and user B access the site with the same email or what?

federico-t
  • 12,014
  • 19
  • 67
  • 111
  • 1
    Clearly, that would depend on the website in question and how it is implemented. – Dolda2000 Feb 15 '13 at 07:09
  • Well. That totally depends on the implementation, right? However, I assume that in every system an emailaddress is unique. If an account doesn't get confirmed in timespan T, perhaps the associated emailaddress gets released again. All depends on the implementation, really. Furthermore: how would a system be able to tell the difference between two users using the same emailaddress? Face recognition? – Nico Beemster Feb 15 '13 at 07:14
  • 1
    @Dolda2000 thanks for giving no input whatsoever – federico-t Feb 15 '13 at 07:14

2 Answers2

1

It would likely give you the message "that email is already associated with an existing account". And User B would have to use a different email to make an account.

And this is strictly in general. Any website can have any implementation. I assume you're asking because you're going to implement your own idea of this feature.

Phil Bozak
  • 2,792
  • 1
  • 19
  • 27
0

In my solutions i almost always use email as user identifier which means there can only be one user associated with an email address. This would mean if someone used someone elses email it would indeed result in 'this email is already in use'.

However, the real owner of the adress could easily get a password reminder to his email.

Solution to faking email addresses; Send out an account activation email to the email specified to be able to finalize the registration process.

In what context does your problem / question arise?

OakNinja
  • 2,326
  • 18
  • 20
  • Yes, in my website I use emails for login too. It's either requiring email confirmation to finalize the registration process or just asking the real owner of the email to register with another email, and this situation would be so uncommon that I will probably choose the latter. – federico-t Feb 15 '13 at 19:32