• # April 16, 2013 at 4:24 pm

    How do these work?
    For example, a confirmation url might “”

    What is that last section of the url and is anything stopping someone from just sneezing on their keyboard and typing it out and confirming someone else’s email address?

    I assume the end is a hashed ID or something. Chances of guessing it along with the username is one in a million. But I’m just really curious :)

    # April 16, 2013 at 4:39 pm

    Chances of guessing are more like 1 /, if it’s always 14 digits. Might be some kind of hash, might be random, but the chance of your cat walking over the keyboard confirming some one else’s email address is nil.

    # April 16, 2013 at 4:54 pm

    This reply has been reported for inappropriate content.

    Indeed, so I assume I’m somewhat correct in that it’s just a hash or something along with their username being rewritten to a url that confirms that these two pieces match … and then the user gets “confirmed” and redirects the user to their profile.

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.