Feature #3588

Avoid using user auth token as a parameter in user activation url

Added by Kostas Papadimitriou almost 11 years ago.

Status: Assigned
Start date: 04/15/2013
Priority: Medium
Due date:
Assignee: Kostas Papadimitriou
% Done: 0%
Category: Astakos
Spent time: -
Target version: 0.14.0

Description

Although we invalidate the token when the user successfully visits the activation URL, it feels a bit bold and
prone to cause security issues to use such sensitive information as a parameter to any Astakos URL.

Astakos could generate a separate identifier for the email verification process.
The identifier should be random, unique across users, and preferably contain only URL-safe characters.
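
A sketch of the separate identifier proposed above, added here as an example and not taken from Astakos: a random, URL-safe, single-use verification code that is unrelated to the user's auth token. The `VerificationCodes` class, the `activation_url` helper, the `code` query parameter and the example host are hypothetical, and storing only a SHA-256 digest of the code is an assumption of this sketch.

```python
import hashlib
import secrets


class VerificationCodes:
    """In-memory stand-in for a table of pending email verifications (hypothetical)."""

    def __init__(self):
        self._pending = {}  # sha256(code) -> user id; the raw code is never stored

    @staticmethod
    def _digest(code):
        return hashlib.sha256(code.encode("utf-8")).hexdigest()

    def issue(self, user_id):
        """Create a fresh code for user_id, replacing any earlier one."""
        # Drop older codes for this user so only the most recent link works.
        self._pending = {d: u for d, u in self._pending.items() if u != user_id}
        while True:
            # 32 random bytes, encoded with the URL-safe base64 alphabet.
            code = secrets.token_urlsafe(32)
            digest = self._digest(code)
            if digest not in self._pending:  # enforce uniqueness across users
                self._pending[digest] = user_id
                return code

    def redeem(self, code):
        """Return the user id for a valid code and invalidate it, else None."""
        return self._pending.pop(self._digest(code), None)


def activation_url(base_url, code):
    # No escaping needed: token_urlsafe emits only A-Z, a-z, 0-9, '-' and '_'.
    return f"{base_url}?code={code}"


if __name__ == "__main__":
    store = VerificationCodes()
    code = store.issue("user-1")  # constructed user id
    print(activation_url("https://accounts.example.org/activate", code))
    print(store.redeem(code))  # first visit activates the user
    print(store.redeem(code))  # a replayed link no longer resolves
```
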
