g4rret | 5 years ago

> It’s very hung up on making sure the user types the right email address on account registration, having them type it twice, making them provide some sort of security question (before their account is created, mind you!), making sure the question is answered correctly by the person clicking the link, etc etc.

No, it's saying you can do this, this, _or_ this. It's giving you options, not telling you to do everything on it.

ninkendo|5 years ago

> Me: "I will NEVER..."

> You: "I will NEVER..."

>

> Me: "...send the user a simple clickable link in an email and assume that the clicking of the link establishes validity."

> You: "...send the user a simple clickable link in an email and assume that the clicking of the link establishes validity."

It doesn’t seem like it’s giving an option here at all.

I certainly want to send the user a simple clickable link in an email and assume that the clicking of the link establishes validity. It’s how I know they actually own the email address they typed! (And that they are capable of receiving email I send them.)

I just wouldn’t use that validity to assume anything other than: “The person who clicked this link is allowed to create an account with the email address I sent the link to”. In other words, it must happen prior to account creation, not after. But the section of the guide is entitled “validating email addresses during new account creation”, so it’s pretty obvious that this is before the new account is created.
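
An added example, not part of the thread or of the guide it discusses: a sketch of a verification link whose only effect is permission to create a new account for the address it was mailed to. The function names, the in-memory stores, the token layout and the one-hour lifetime are all assumptions made for the illustration.

```python
import base64, hashlib, hmac, secrets, time

SECRET = secrets.token_bytes(32)   # signing key, constructed for this example
TTL = 3600                         # assumed link lifetime in seconds
accounts = {}                      # email -> record (stand-in for a user table)
used_nonces = set()                # nonces of links already redeemed

def _mac(payload):
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()

def issue_token(email, now=None):
    """Build the value that goes into the emailed link."""
    now = int(time.time()) if now is None else now
    payload = f"{email.lower()}|{now + TTL}|{secrets.token_urlsafe(16)}"
    return base64.urlsafe_b64encode(f"{payload}|{_mac(payload)}".encode()).decode()

def redeem_token(token, now=None):
    """Return the address the link was sent to, or None if it is not valid."""
    now = int(time.time()) if now is None else now
    try:
        raw = base64.urlsafe_b64decode(token.encode()).decode()
        email, expiry, nonce, mac = raw.rsplit("|", 3)
        expiry = int(expiry)
    except ValueError:               # bad base64, bad UTF-8, wrong field count
        return None
    expected = _mac(f"{email}|{expiry}|{nonce}")
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    if now > expiry or nonce in used_nonces:
        return None
    used_nonces.add(nonce)           # single use
    return email

def create_account(token, password_hash, now=None):
    """The only thing a clicked link authorizes: creating a NEW account."""
    email = redeem_token(token, now)
    if email is None or email in accounts:
        return False                 # never touches or signs into an existing account
    accounts[email] = {"password_hash": password_hash}
    return True
```
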