adrianle Posted July 7, 2015 Share Posted July 7, 2015 My client wants me to create a process, where he can click to send an email to someone, and embedded in that HTML email will be a link that when clicked, will take the user to a "details" page showing their unique information. We don't want the UniqueID to be visible in the link, as the user might decide to type a different ID into that URL and see someone else's details. So.. how do we link (from an email or other outside source) to a dynamically populated page, without showing the unique ID? Thx Quote Link to comment Share on other sites More sharing options...
Solution scootstah Posted July 7, 2015 Solution Share Posted July 7, 2015 You can't. Make the unique ID long and generate it with a cryptographically secure random method, and you're good to go. You can do things like deactivate the token once the person views it, or require they also type in their email address when they visit the page. This will significantly reduce the chances of someone guessing a token. But, if you use a long token, the chances of someone guessing it correctly are astoundingly small anyway. 2 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.