About

We are a full-stack web development shop focusing on rapid prototyping. We can help you get a first version of your idea out quickly help you grow as the idea matures.

Contact

Randy Schmidt

News

Holy Confirmation!

November 12, 2009
Holy Confirmation

Holy Confirmation INDEED!

I have a bone to pick with account activation. Many sites require you to “activate your account” but what I really think they want and mean is “you need to confirm your email address”. Why do you need to confirm your email address? Nothing takes the place of actually going to your email account, seeing an email, and saying “Yes! I received the email and it didn’t land to my spam folder!”.

Now, many of the sites that require account activation don’t require reactivation when you change your email address. This leads me to believe that many people have forgotten why they are requiring activation!

I propose a process in which you are doing and calling it exactly how it is. Here it goes:

  1. The users table has confirmed_email and new_email fields and the User model has a method called email that picks from those depending on what they contain.
  2. When a new user signs up, their email address is stored in new_email and they are sent an email confirmation email with a link to confirm their email address. This doesn’t mean they can’t log in, it just means they have a message at the top of the screen and possibly limited functionality until they do confirm their email address.
  3. When they click the link in the email, the email address stored in new_email is moved to confirmed_email and they go about their merry business.
  4. When the user wants to change their email address, they are presented with a field where they can put in their new email which gets stored in new_email
  5. An email is sent to the currently confirmed_email saying they are attempting to change their email address. This is done to prevent the email from being changed maliciously.
  6. An email is sent to the new_email with a link to confirm their new email address
  7. When the link is clicked, new_email is moved to confirmed_email

So there you have it. Unless I hear otherwise, I’m going to start using this process to confirm a user’s email address.

I don’t think I’ve ever typed the word “email” so many times in my life… email email email email email.

0 Comments