What is the best way of implementing non-permanent user deletion?

views:

answers:

What is the best way of implementing non-permanent user deletion?

Hello everyone.

I try to never delete the actual records from the important tables in my database, instead mark them as Deleted by setting corresponding field to True. But in case of a membership this approach will prevent any future user of reusing the username of the "deleted" user. Username won't be a problem, but what if the "deleted" user decides to sign up again and tries to use the same email? Since the emails are also unique in asp.net membership it will throw an error that the email is already in use (by the deleted account). What is the best way out of this?

Thanks in advance.

+1 A:

Perhaps you need a code path for re-activation, rather than new account creation after deletion. This is how WoW does it, and WoW can't be wrong.

Stefan Kendall 2010-09-21 20:20:29

Could you please provide little more details? i don't think i'm familiar with code paths.

Dimitri 2010-09-23 12:30:09

...what? When someone tries to create an account with an existing email, just use different business logic to handle the scenario. Don't try and make it the same experience as creating a new account.

Stefan Kendall 2010-09-23 14:13:25

oh, i see what you mean

Dimitri 2010-09-23 19:35:01

Just change the username to something like 'deleted001' or something like it. A lot of sites do this.

edit
Stefan's answer is pretty good... unless you want them to be able to basically remove their identifying information from your site. At which point you need to rename the user.

Chris Lively 2010-09-21 20:20:43

Not really necessary, so long as you make it clear on signup that information is never purged. I don't think many users are this paranoid.

Stefan Kendall 2010-09-21 21:27:50

Personally, I think they ought to be... but that might be my own paranoia slipping through. ;)

Chris Lively 2010-09-22 19:20:59

Chnaging username is not good since 1)the same user would not be able reuse its Email again; 2)what about 2nd, 3d and following deletes of the same username? How to manage it? 3)So, the different users will have, for ex., posts or whatever under the same username? 4) etc.. So, reactivating path is less troublesome. less laborious and more ethically correct. I, for ex., do not like the idea that my nick is used by others

vgv8 2010-09-23 04:15:15

@vgv8: That was kind of the point. Once a user has deleted themselves from the site, then they are gone. There is no "reactivation" step.

Chris Lively 2010-09-23 05:51:03

+3 A:

I think using an active flag works well. If a users deactivates their account and signs up again, after you check if the email already exists you can then check if they are set to inactive and then offer to reactivate their account.

RueTheWhirled 2010-09-21 20:31:13

Yeah, this is the way i thought i'd do it. If i find the email i'd prompt them if they want to recover the password and then on password reset reactivate their account.

Dimitri 2010-09-23 12:28:41

Since the membership i use is not pure SqlMembershipProvider, but rather a hybrid between Sqlmembership and custom store, i'd have to mark this as the answer. but thanks to all that answered, really appreciate it.

Dimitri 2010-09-23 19:37:44

+1 A:

If you are using SqlMembershipProvider, just lock the account and set a comment indicating that the lock is permanent.

This would involve no modifications, only workflow adjustment.

Again, this assumes that you are using a stock membership stack.

Sky Sanders 2010-09-23 02:54:01

Are you saying that SqlMembershipProvider will exclude emails of locked accounts from validation?

Dimitri 2010-09-23 12:32:06

@dimi - correct - locked out accounts cannot validate. that would kinda avoid the purpose of locking an account out, no? ;-)

Sky Sanders 2010-09-23 18:15:03

um, i guess :) have to try that

Dimitri 2010-09-23 19:34:27

ansaurus

tags:

views:

answers:

What is the best way of implementing non-permanent user deletion?

related questions