Reputation: 389
Usually, when you sign up for an account on a website or post something to Craigslist, the website will send you an email and your account won't be active until you click the link in your email.
I know this is done to confirm that you are a person and prevent robots from spamming the site, but I don't understand what is going on server side.
Does the site save your information in a temporary database? Does the email link they send you secretly contain all the information needed to start your account?
Very curious if there are different methods for doing this and what the pros/cons are?
Upvotes: 0
Views: 45
Reputation: 1248
The server, well. It saves the user information, generates a pseudo-random string (generally a 32, 64 or even 256 byte token), which "identifies" you as you.
In the email it sends you, it will add an anchor, and as you click it, it will recover that token and make your account active.
An example using an anchor + GET param:
http://example.com?token=acbd18db4cc2f85cedef654fccc4a4d8
md5('foo')
=> acbd18db4cc2f85cedef654fccc4a4d8
For the 'pseudo-random' part, any criteria are available, from the id you were given in the database to some random crypto utils.
Upvotes: 1
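The two server-side designs the question asks about, as an added example that is not part of the original thread: a random token whose hash is stored until the link is clicked, and a stateless link that carries the user id and expiry under an HMAC. All names (`issue_stored`, `confirm_signed`, `pending`, `TTL`, `SERVER_KEY`) are hypothetical, and the dict and set stand in for database tables.

```python
import hashlib, hmac, secrets, time

TTL = 24 * 3600                        # assumed link lifetime in seconds
SERVER_KEY = secrets.token_bytes(32)   # assumed signing key, kept server-side
pending = {}    # stand-in for a DB table: sha256(token) -> (user_id, expiry)
active = set()  # stand-in for the "confirmed" flag on user rows

def _now(now):
    return time.time() if now is None else now

# Method 1: random token, state kept on the server.
def issue_stored(user_id, now=None):
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    digest = hashlib.sha256(token.encode()).hexdigest()
    pending[digest] = (user_id, _now(now) + TTL)  # store the hash, not the token
    return token                       # goes into the emailed URL only

def confirm_stored(token, now=None):
    digest = hashlib.sha256(token.encode()).hexdigest()
    row = pending.pop(digest, None)    # pop() makes the link single-use
    if row is None or _now(now) > row[1]:
        return None
    active.add(row[0])
    return row[0]

# Method 2: stateless; the link carries user id and expiry, protected by an HMAC.
# Nothing is stored, but the link shows the id and works until it expires.
def _sign(payload):
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()

def issue_signed(user_id, now=None):
    payload = f"{user_id}.{int(_now(now) + TTL)}"
    return f"{payload}.{_sign(payload)}"

def confirm_signed(token, now=None):
    payload, _, sig = token.rpartition(".")
    # Verify the MAC in constant time before trusting any field of the payload.
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return None
    user_id, _, expiry = payload.rpartition(".")
    if _now(now) > int(expiry):
        return None
    active.add(user_id)
    return user_id
```

In both variants the token is the only proof that the requester controls the mailbox, so it has to be unguessable: a CSPRNG value or a keyed MAC, not something derived from a value an outsider can predict.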
Reputation: 1
I guess the link that you get in the email contains a unique string for the new user that is not confirmed, so when you open the link the server can select which user confirmed the email.
Upvotes: 0