Rick Romero wrote: >> I strongly disagree, and I'm doing it for a email service I run for a >> non-profit. The potential user enters the username they want, I >> check to make sure there is no other user or alias with that name, I >> "reserve" that username for 30 min, get the credit card number from >> them, processes it, and if the charge goes through, I insert a >> record with the username, domain, crypted and clear text password >> and quota. The account is now available for immediate use. So >> explain to me exactly what validation and other features I've lost >> control over? > > THRITY minutes? An auth should only take 9 seconds including dial > time, > and never more than 15 seconds.
Yes, the credit card auth should only take that long. But that's only after the user clicks the submit button. I'm keeping the average user in mind. "Oh, wait, my wallet is upstairs, let me go get it." "Honey, while you're up here, can you give me a hand with the kids?". The next thing you know, it's 20 min. later before the click the button to do the credit card processing :) And if it's been more than 30 min. when the click the button, they get bounced back to the "pick a username" page. > > See, you're just doing everything wrong ;) > > (j/k! I'm just being difficult :P) :-p~~~~~~~~~~~~~~~ > > Rick Dave
