Advice needed on completing a registration process by confirming an email address

Hello all,

I was wondering if anyone has had experience of users registering to your application and you send an email to the address they provided and they have to click it to complete registration. Standard stuff but how best to do it?

What should I put in the query string of the link I send?

The session id? I cold always take that from the cookie.

An encrypted version of the session id?

Or something else.

How have you tackled this?

I look forward to your replies.

CIA

-Ants

Hello all,

I was wondering if anyone has had experience of users registering to your
application and you send an email to the address they provided and they have
to click it to complete registration. Standard stuff but how best to do it?

What should I put in the query string of the link I send?

The session id? I cold always take that from the cookie.
An encrypted version of the session id?
Or something else.

Authlogic has the concept of a perishable token.
http://www.binarylogic.com/2008/11/16/tutorial-reset-passwords-with-authlogic/
shows how to use this to do password resets, which from this point of
view is practically the same as what you're trying to: the important
bit is that users can login via something other than their password,
which is sent by email. Even if you're not using authlogic you may be
able to draw some inspiration from it

Fred

That’s precisely what I needed and it’s done!! Thanks very much.

-ants