All geek questions in one place

Auto sign in after checking email from email

When users successfully verify their email address, can I just register them automatically?

I consider the following reasons:

  • Link is a random hash
  • Users will already be annoyed by the need to check
  • I will trust anyone who has access to the email inbox, as you can reset your password
  • Users can, of course, only check (and therefore auto-login) once

I ask because sending the link in which you write automatically makes me feel like I'm missing something.

+3
source share
3 answers

It’s better if you at least ask them for a password to check your email. This way you will actually make sure that the email address belongs to the user.

If you automatically log in, you just make sure that the email address exists and that the user who owns this email address wants to access the account.

Regarding the third point: you hope that you trust only the person (s) with access to this address, as soon as you confirm that the address really belongs to the user (which you could do by requesting a password during verification).

+6
source

Yes, you can. This is quite reasonable. So far, as you say, you only allow once for a given generated URL.

: , , (.. , ) "" , , ( ). , .

+3

, , . , . ? , , , .

+1

Source: https://habr.com/ru/post/1732016/

More articles:


All Articles