0

Email-confirm-url

I have created an url: path(r'myurl/<str:userid>/<str:username>>', views.MyView.my_def, name = 'myname') The client receives an email with this link, to confirm his email-address. Now I'm wondering, if it makes sense - from a security-perspective - to put some kind of identifier in the code. Some kind of token, or the users session-id. Otherwise I think s.o. could guess the next id and then confirm an email-adress, he has actually no access to. Does that make sense? Best practices?

14th Apr 2021, 12:25 PM
Fu Foy
Fu Foy - avatar
3 Antworten
+ 2
Why don't you try the user management from django.
19th Apr 2021, 7:47 AM
AKSHAY🇮🇳
AKSHAY🇮🇳 - avatar
26th Apr 2021, 10:32 AM
AKSHAY🇮🇳
AKSHAY🇮🇳 - avatar
+ 1
Reinventing the wheel :) Thank you for your input! I'll try this next time!
26th Apr 2021, 7:13 AM
Fu Foy
Fu Foy - avatar