Generate / save account activation code

Usually, after registration on a website, they send you an email with an account activation code. Is there some information / best practices about this technique somewhere?
How do you generate them, how do you store them, and do you encode these activation codes or not?

+4
2 answers

The generated activation code can be as simple as generating a random number with a fixed number of digits.

Personally, I do this, and then save the generated code in the database user table along with the username / password / email, etc., so that it can be quickly checked when the link is clicked and the code is verified.

I usually use a "long" data type and generate 9-digit random numbers, and store these raw (not encoded) in the database for easy retrieval. Passwords must be encoded, but the activation code is a one-time, discarded value, so there is no need for any special consideration.

+4

IMHO, the best way to do this is not to store the key, but to generate it when you need it using a seed or private key. Or use MD5 digest logic over certain user parameters: for example, generate the string "username-email-id", hash it, and send it by e-mail; when the user clicks on it, generate the key again and match it against the user's key. There is no need for storage, and it cannot be regenerated.

+1
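The stateless approach from the second answer, as an added example that is not part of either answer: it swaps the plain MD5 digest for a keyed HMAC-SHA256 over the user fields plus an expiry time, so the code is checked by recomputation instead of a database lookup. `SERVER_KEY`, `TOKEN_TTL`, the function names and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Assumption: a server-side secret; a real deployment loads it from configuration.
SERVER_KEY = secrets.token_bytes(32)
TOKEN_TTL = 24 * 3600  # assumed validity window, in seconds


def _sign(user_id, email, expires, key):
    # Length-prefix each field so ("ab", "c") and ("a", "bc") cannot collide.
    fields = (str(user_id).encode(), email.lower().encode(), str(expires).encode())
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(key, b"account-activation\x00" + msg, hashlib.sha256).hexdigest()


def make_token(user_id, email, now=None, key=SERVER_KEY):
    """Return '<expiry>.<mac>' to embed in the activation link."""
    expires = int(now if now is not None else time.time()) + TOKEN_TTL
    return f"{expires}.{_sign(user_id, email, expires, key)}"


def verify_token(token, user_id, email, now=None, key=SERVER_KEY):
    """Recompute the MAC for this user and compare; nothing is read from storage."""
    now = int(now if now is not None else time.time())
    try:
        expires_s, mac = token.split(".", 1)
        expires = int(expires_s)
    except ValueError:
        return False  # malformed token
    expected = _sign(user_id, email, expires, key)
    # Constant-time comparison; the expiry is trusted only once the MAC matches.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False
    return now <= expires


if __name__ == "__main__":
    # Constructed sample values.
    tok = make_token(42, "alice@example.test")
    print(tok, verify_token(tok, 42, "alice@example.test"))
```

Because nothing is stored, single use has to come from the account state: reject the token once the account is already marked as activated.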

Source: https://habr.com/ru/post/1302851/

