Is there a way to be able to send a link through an email that includes a url parameter that verifies the link was sent by the server, and verifies that the link was clicked with a certain period of time after the token was generated?
You can do the following procedure:
when the user access your server, you:
You simply need a table to store the token,email addresss,date generated, date activated
when you generate the email you store the token email & generated date/time
in the email you put a url that contains a link to your web page and the token & email. eg:
http://mysite.co.uk/activate.aspx?token=jhsdjsdslkwww7474&email=blah@blah.com
The web page then has to find the token and email address check the date and update the date activated if it is valid.
I would store a random UUID in a distributed cache (for load balanced, multi-node system) and proceed as what woliveirajr mentioned above. You also need to make sure that users will not abuse your system, so having some provisioning in Load-balancer (F5) to detect human vs. programmatic requests will help introducing a level of protection. Modify your security policy as you deem necessary.
If a system was developed to generate unique keys, email out those keys and accept http requests from the email with those keys. Then yes.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.