Celeritas

Reputation: 15063

Token used to prove id when clicking on confirmation e-mail. Want token to be reusable after time elapsed

I'm creating a website where a confirmation e-mail will be sent out after a user registers. I want to have it so that the page will expire after a few days and the token can be reused.

So in detail the user will receive an e-mail containing a link to a webpage. This link will pass data by GET to the webpage, and this data will be "the token" which proves the identity of the user. I was considering using the PHP function uniqid but that wouldn't allow the reuse of tokens and I don't like it for other reasons. What's a better approach? I'm very open to ideas and if someone can think of a better way of authenticating accounts and limiting it to a few days please share!

Is the name "token" correct in this context or is it called something else?

EDIT: I guess I'm open to using things like uniqid() but wouldn't it produce an easily guessable token?

Upvotes: 0

Views: 259

Answers (1)

Remko

Reputation: 958

Why would you want to reuse a token anyway? But in general I would set up a table like:

token_id (varchar 75)
expiry_date (date field)

And then look up the token when requested. The expired tokens can be removed using, for example, a cron that runs daily. When generating a new token I would validate it against the existing token_ids to prevent duplicates.

By running a cron you 'cleanup' old tokens to make room for re-use. Although if you generate a 75 char hash the odds of duplicate tokens are minimal (depending on the number of tokens generated daily of course).

Upvotes: 1
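
One way to implement the table-and-cron approach from the answer above, as an added PHP example that is not part of the original question or answer. The table name `confirm_tokens`, the `user_id` column, the function names and the in-memory SQLite database are assumptions for illustration; the token comes from `random_bytes()` rather than the time-based `uniqid()`, and only its SHA-256 hash is stored in `token_id`.

```php
<?php
declare(strict_types=1);

// Columns token_id and expiry_date follow the answer; user_id is an assumed extra column.
// token_id holds the SHA-256 hex of the token, expiry_date a Unix timestamp.
function open_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE confirm_tokens (token_id VARCHAR(75) PRIMARY KEY,
               user_id INTEGER NOT NULL, expiry_date INTEGER NOT NULL)');
    return $db;
}

// Returns the raw token for the e-mailed link; the database only ever sees its hash.
function issue_token(PDO $db, int $userId, int $ttlSeconds, int $now): string {
    $token = bin2hex(random_bytes(32)); // 256 bits from the OS CSPRNG
    $stmt = $db->prepare('INSERT INTO confirm_tokens VALUES (?, ?, ?)');
    $stmt->execute([hash('sha256', $token), $userId, $now + $ttlSeconds]);
    return $token;
}

// Returns the user id for a valid, unexpired token and deletes the row (single use).
function redeem_token(PDO $db, string $token, int $now): ?int {
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return null; // malformed GET input never reaches the query
    }
    $hash = hash('sha256', $token);
    $db->beginTransaction();
    $stmt = $db->prepare('SELECT user_id FROM confirm_tokens
                          WHERE token_id = ? AND expiry_date > ?');
    $stmt->execute([$hash, $now]);
    $userId = $stmt->fetchColumn();
    if ($userId !== false) {
        $db->prepare('DELETE FROM confirm_tokens WHERE token_id = ?')->execute([$hash]);
    }
    $db->commit();
    return $userId === false ? null : (int) $userId;
}

// The daily cron job from the answer: remove rows past their expiry date.
function purge_expired(PDO $db, int $now): int {
    $stmt = $db->prepare('DELETE FROM confirm_tokens WHERE expiry_date <= ?');
    $stmt->execute([$now]);
    return $stmt->rowCount();
}

// Constructed demo: first use, replay of the same token, use after expiry, then cleanup.
$db = open_db();
$now = time();
$t1 = issue_token($db, 42, 3 * 86400, $now);
var_dump(redeem_token($db, $t1, $now + 3600), redeem_token($db, $t1, $now + 3600));
$t2 = issue_token($db, 43, 3 * 86400, $now);
var_dump(redeem_token($db, $t2, $now + 4 * 86400), purge_expired($db, $now + 4 * 86400));
```

The primary key on `token_id` makes a duplicate insert fail outright, so no separate pre-check against existing rows is needed.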
