If you want navigation to a URL to actually log a specific person in, the tokens will have to be person-specific, won't they? What do you imagine the mechanics would be for getting a sending user to generate one of those URLs? Are you trading recipient-convenience for sender-inconvenience?
Would setting this up allow potential-senders to impersonate anyone by generating and then navigating to one of these URLs?

As an alternative, consider setting a long-lived cookie when a user logs in, and check for its presence as part of your authentication routine (e.g., if cookie exists, assume they are legit & pass them on to the destination page). That should cut down on the number of logins.

________________________________
From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of Ivor Paul
Sent: Wednesday, October 15, 2008 5:36 AM
To: [email protected]
Subject: [Rails] login from token

Hi

I have users sending messages to other users with links in the email. If the users click on the links in the email they go to the message in the app, but invariably they aren't logged in and have to do so before getting to the page they want to go to.

I want to build a login_from_token functionality that would add a token for the user who receives the email so that the link will go directly to the page, and in the process log them in.

My question: How safe is this? Are there issues with this approach in terms of privacy? The email is supposed to be personal email accounts so in principle the link would be as safe as the email account?

I would appreciate your thoughts.

Regards
Ivor
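
An added example, not code from this thread: one way to make the emailed token person-specific without letting a sender mint one for another user is to have the server sign the recipient id, message id and expiry with a key only it holds. The method names, the constructed demo key, the integer ids and the seven-day lifetime are all assumptions.

```ruby
require 'openssl'

# Constructed demo key (assumption); a real app keeps this in server-side config.
LOGIN_TOKEN_KEY = 'constructed-demo-key-change-me'

def sign_login_payload(payload)
  OpenSSL::HMAC.hexdigest('SHA256', LOGIN_TOKEN_KEY, payload)
end

# Compare without stopping at the first differing byte.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Called by the mailer for each recipient; the sender never sees or supplies it.
def issue_login_token(recipient_id, message_id, now: Time.now, ttl: 7 * 86_400)
  payload = [recipient_id, message_id, now.to_i + ttl].join('.')
  "#{payload}.#{sign_login_payload(payload)}"
end

# Returns the recipient id to log in, or nil when the token is malformed,
# forged, expired, or presented for a different message.
def verify_login_token(token, message_id, now: Time.now)
  parts = token.to_s.split('.')
  return nil unless parts.length == 4 && parts[0..2].all? { |p| p.match?(/\A\d+\z/) }
  payload = parts[0..2].join('.')
  return nil unless constant_time_equal?(sign_login_payload(payload), parts[3])
  recipient_id, token_message_id, expires_at = parts[0..2].map(&:to_i)
  return nil unless token_message_id == message_id.to_i
  return nil if now.to_i > expires_at
  recipient_id
end
```

Anyone who can read the email can still use the link until it expires, so the token is only as private as the recipient's mailbox.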

