Sign in confirm link best pratice?
-
14-01-2021 - |
Question
as by title, which is the best way to build the sign in email confirm link?
i suppose id_user/23414/pass/md5(user password)
not? :P
Solution
You should create a token and assign it to the user - a guid or something. You shouldn't send the user id or the hashed password.
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow