Reputation: 56729
I use AuthLogic to activate / authenticate new users, and I am currently using session data so the system knows where to send the new user after they activate (such as which project to show them). So, it uses a number of variables such as session[:project_id], which need to be there when the user activates their account the first time.
The issue is this - what happens if the session data isn't there when the user activates? A few cases:
From what I can tell, using session data presents a UX vulnerability because when it does not persist, the user ends up in an unhelpful location (or even worse, a 500 error due to expecting a session variable that does not exist).
It is in my mind necessary that information such as project_id (and a few other variables) is reliably stored from registration to activation. I am wary of creating new database fields for this limited and temporary purpose, but I am open to all suggestions. How can I close this loophole?
In response to Omar's answer:
In UserMailer.rb I have defined activation_instructions(user), which sends out the activation_instructions e-mail to new users. At the moment, I see the following:
    def activation_instructions(user)
      @user = user
      @account_activation_url = activate_url(user.perishable_token)
      mail(:to => "#{user.login} <#{user.email}>", :subject => "Welcome!" )
    end
How can I add the get parameters to this? Say I have the parameters project_id and category_id?
Upvotes: 1
Views: 225
Reputation: 9093
You could send that parameter as a get parameter via the activation email, that would solve all three problems, no?
Upvotes: 1
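The answer's suggestion as an added example (not code from the question or the answer): project_id and category_id travel in the activation link and are signed together with the perishable token, because anyone holding the link can edit query-string values. It uses only the Ruby standard library; LINK_SECRET, the host and the helper names are assumptions made for illustration.

```ruby
require "openssl"
require "uri"

# Assumption: a server-side secret; the value here is constructed for the demo.
LINK_SECRET = "constructed-demo-secret"
BASE_URL = "https://app.example.test/activate" # constructed host and path

# HMAC over the token plus the sorted, form-encoded context, so the parameters
# cannot be edited or moved onto another user's activation link.
def sign_context(token, context)
  payload = URI.encode_www_form([["token", token]] + context.sort)
  OpenSSL::HMAC.hexdigest("SHA256", LINK_SECRET, payload)
end

# Build the link that goes into the activation e-mail.
def activation_link(token, context)
  context = context.transform_keys(&:to_s).transform_values(&:to_s)
  query = URI.encode_www_form(context.merge("sig" => sign_context(token, context)))
  "#{BASE_URL}/#{URI.encode_www_form_component(token)}?#{query}"
end

# Constant-time comparison of two strings.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# On activation: return the context hash if the signature verifies, else nil,
# so the caller can fall back to a default landing page instead of raising.
def context_from_link(url)
  uri = URI.parse(url)
  token = URI.decode_www_form_component(uri.path.split("/").last.to_s)
  params = URI.decode_www_form(uri.query.to_s).to_h
  sig = params.delete("sig")
  return nil if sig.nil?
  secure_equal?(sig, sign_context(token, params)) ? params : nil
end
```

In the mailer from the question, a Rails URL helper takes extra query parameters as a hash after the token, for example `activate_url(user.perishable_token, :project_id => ..., :category_id => ...)`. Whatever arrives in those parameters at activation time should still be checked against what the activating user is allowed to see.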