User sign-up with email verification

Question

I\'m developing a website with using struts2 and jsp pages. In many sites after you sign-up, a link will be sent to your email and after clicking on that the registration is com

Answer 1

The algorithm is something like this:

1. Save the user's info, marking it with a pending status.
2. Generate a token that contains some info related to the user's account.
3. Generate the email, which must include the URL to activate the account and the URL will have the token in it.
4. The URL must point to some servlet or service in your app that will validate the token, check if the user related to the token is inactive, present a completion form (let the user set a password, present a captcha, etc) and on form submission you activate the account with the password they set.
5. You should periodically scan the inactivate accounts and delete the ones that are several days old and have not been activated.

To generate the token, you can encrypt some data such as user ID, email, etc and encode it in Base 64 (the URL-safe variant) - remember to salt it when you encrypt. When you receive the token, you decode and decrypt it, and it must point to an inactivate user account.