Hi, I have a few questions in relation to account activation, which I hope someone can help me with:
01 - When a user creates an account, should we limit the time in which they can activate the account using the link in their email?
02 - If so, how should we handle the link if the token no longer appears in the database?
03 - Is there anything I need to look out for in terms of a user misusing the link below?
Thanks in advance for your help.
I don’t think that there is any “should” in this case, but it’s a good idea to do it so that your database is not littered with inactive accounts that could have been set up by robots or other illegitimate users. I’d allow the link to be active for a week or two and then delete the account. If you really don’t want to miss any potential users, you might set up a system that sends reminders about account activation after an account has been inactive for a few days. But after a couple of tries I’d finally give up and delete the account.
Some information that the link is no longer active because the account may be already active or the link may have expired. If your links contain user IDs then you might inform the user that their account is already active and they should log in.
Just make sure that people can’t make up valid activation links by substituting or guessing values.
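The advice in the answer above, sketched as an added example that is not part of the original post: a random token that cannot be guessed, a two-week expiry, and distinct results for expired, already-active and invalid links. The thread names no language, so Python is used here; the in-memory `accounts` dict, the function names and the `example.invalid` URL are all assumptions standing in for a real database and site.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 14 * 24 * 3600  # two weeks, the upper end of the window suggested above

# Hypothetical stand-in for the accounts table:
# user_id -> {"token_hash": str or None, "expires": float, "active": bool}
accounts = {}

def _digest(token):
    # Only a hash is stored, so a leaked table does not yield usable links.
    return hashlib.sha256(token.encode()).hexdigest()

def issue_activation(user_id, now=None):
    """Create an inactive account and return (token, link) for the email."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 random bits, nothing derived from user data
    accounts[user_id] = {"token_hash": _digest(token),
                         "expires": now + TOKEN_TTL, "active": False}
    link = f"https://example.invalid/activate?uid={user_id}&token={token}"
    return token, link

def activate(user_id, token, now=None):
    """Return 'activated', 'already_active', 'expired' or 'invalid'."""
    now = time.time() if now is None else now
    acct = accounts.get(user_id)
    if acct is None:
        return "invalid"            # unknown or already purged account
    if acct["active"]:
        return "already_active"     # page should tell the user to log in
    if now > acct["expires"]:
        del accounts[user_id]       # purge the stale signup, as the answer suggests
        return "expired"
    # Constant-time comparison of the stored hash with the presented token's hash.
    if not secrets.compare_digest(acct["token_hash"], _digest(token)):
        return "invalid"
    acct["active"] = True
    acct["token_hash"] = None       # single use: the link cannot be replayed
    return "activated"
```
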
Cool, thanks for your help here…