User sign-up with email verification

Question

Hi.

I'm developing a website with using struts2 and jsp pages. In many sites after you sign-up, a link will be sent to your email and after clicking on that the registration is complete. I want this feature on my webstie, but I don't have any idea how to do this and how is this working? Should I save user's information on my database until he/she is verified or not? I searched web but there is learning for php forms.

any tutorial?

Thanks in advance.

Answer 1

The algorithm is something like this:

1. Save the user's info, marking it with a pending status.
2. Generate a token that contains some info related to the user's account.
3. Generate the email, which must include the URL to activate the account and the URL will have the token in it.
4. The URL must point to some servlet or service in your app that will validate the token, check if the user related to the token is inactive, present a completion form (let the user set a password, present a captcha, etc) and on form submission you activate the account with the password they set.
5. You should periodically scan the inactivate accounts and delete the ones that are several days old and have not been activated.

To generate the token, you can encrypt some data such as user ID, email, etc and encode it in Base 64 (the URL-safe variant) - remember to salt it when you encrypt. When you receive the token, you decode and decrypt it, and it must point to an inactivate user account.