Email Verification Code Improvement
- Phil Banks
- Alex
Imported From: http://groups.google.com/group/in-portal-dev/browse_thread/thread/7c0db90bd85f1af8#
We have an e-mail verification system, where a link is sent by email to user. This link embed a one-time use token, and once user click on it, his email is validated.
There's 2 possible messages when user is redirected onto In-Portal:
- your email address is validated
- invalid confirmation code
If user click twice on this link (could be because some users "double-click" on links, or when reading again automatic generated email), then the second message is displayed. Then the situation become unfriendly: user see "wrong code" message, while he is already validated, and even maybe logged-in. This may sound dumb for you, but I report this here because some of my users are encountering this problem, and contacted me to understand what they made wrong.
Solution
When code is invalid don't write just that, but show text (depending on usage context) indicating that code was already used to do whatever it's supposed to be used for:
- "Your password was already reset"
- "Your account is already activated, please proceed to login"