0

1 or 2% of users registering seem to get no confirmation email or they get a bad token appended to the confirmation link in the email. I can't determine why or where this wrong token comes from. It doesn't look like a truncated version of the correct one. It's totally different. Clicking it yields a 404 response.

I am not overriding the RegistrationController.

Could it be the mailer settings?

swiftmailer:
    ~
    spool:     { type: memory }

The only other changes I've made were in validation of a few custom fields.

registration:
    form:
        type: acme_user_registration
        validation_groups: [MyRegistration]
    confirmation:
        enabled:    true

Any ideas what's going on?

Thanks.

hipnosis
  • 618
  • 1
  • 8
  • 13
  • Maybe hitting on [#674](https://github.com/FriendsOfSymfony/FOSUserBundle/issues/674)? – Emii Khaos Feb 13 '14 at 22:16
  • @Paziツ It has happened too many times for it to be that I think. – hipnosis Feb 14 '14 at 17:37
  • Have you checked in the database? – Emii Khaos Feb 15 '14 at 08:26
  • @Paziツ Yes. There is a different token which I must manually email to the user for them to confirm. The other token is nowhere to be found. – hipnosis Feb 15 '14 at 13:54
  • found a solution? today I was doing some tests on my site, and it happened to me – ewb Mar 31 '15 at 10:36
  • @Dario No. I never figured it out. I ended up adding a way for users to resend the confirmation email. I thought about it more and think it must create a confirmation token, send the mail, and then overwrite the original token. I don't know where that might happen. – hipnosis Apr 01 '15 at 12:36

1 Answers1

1

I found a problem while viewing a confirmation email in outlook.com. I turns out that outlook.com is 'previewing' the link to show some expanded metadata in the email message. This has the side effect of enabling the user and deleting the token. Once the user actually clicks the link, they get a token not found error, but their account is enabled.

Henry
  • 7,721
  • 2
  • 38
  • 38
  • Interesting. In my case the token is not deleted. It is simply a different token sent in the link than the one in the database. I assume it is being overwritten with a new token at some point, but I don't know where, when, or why. – hipnosis Feb 26 '17 at 15:00
  • Just guessing here, but sometimes during testing I get out of sync with the email. So the email from test n comes in at a point in time when I'm expecting the email from test n+1. (due to the time it takes for an email to arrive). – Henry Feb 26 '17 at 23:55