Comments on: Authlogic: after the initial hype http://pathfindersoftware.com/2009/09/authlogic-after-the-initial-hype/ The Fastest Way to Launch Successful Software Thu, 19 Jan 2012 16:36:03 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Keenan Brock http://pathfindersoftware.com/2009/09/authlogic-after-the-initial-hype/#comment-9782 Keenan Brock Wed, 23 Dec 2009 16:24:13 +0000 http://www.pathf.com/blogs/?p=4190#comment-9782 Thank you. Users on our site can click around before confirming the email. So the confirmation link typically expired by the time the user visited their email box. This will definitely fix our problem. One thing I did notice: If a user requests 2 confirm email messages, each email has a different token (and a different link). The problems is gmail will show these in a thread. The link in the first message (which is invalid) is displayed and the link in the second message (which is valid) is obscured. So we are sending out the same token on all emails. We are invalidating the token after the user confirms rather than before the user requests the confirmation email. Thanks Again, K Thank you.

Users on our site can click around before confirming the email. So the confirmation link typically expired by the time the user visited their email box. This will definitely fix our problem.

One thing I did notice:

If a user requests 2 confirm email messages, each email has a different token (and a different link). The problems is gmail will show these in a thread. The link in the first message (which is invalid) is displayed and the link in the second message (which is valid) is obscured.

So we are sending out the same token on all emails.
We are invalidating the token after the user confirms rather than before the user requests the confirmation email.

Thanks Again,
K

]]> By: Adrien Lamothe http://pathfindersoftware.com/2009/09/authlogic-after-the-initial-hype/#comment-9781 Adrien Lamothe Thu, 08 Oct 2009 22:59:44 +0000 http://www.pathf.com/blogs/?p=4190#comment-9781 You wouldn't happen to know why authlogic's password reset doesn't include the reset link in the email body? This one is really messing with me. I've been diving into Rails to get away from all the sloppiness of other environments and am finding that at as far as Rails plugins go things are almost as bad as the environments I'm trying to get away from :-( Much thanks. You wouldn’t happen to know why authlogic’s password reset doesn’t include the reset link in the email body? This one is really messing with me. I’ve been diving into Rails to get away from all the sloppiness of other environments and am finding that at as far as Rails plugins go things are almost as bad as the environments I’m trying to get away from :-(

Much thanks.

]]>