Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I have a 2-step form. The second step is quite lengthly and the visitor may want to complete it at a later time. What I have done is generate a uid with sha1 using a combination of details: firstname, email address, salt and I email the visitor the link eg:
http://www.mysite.com/form/step2/%5Bsha1 uid]
so when they click the links they can go back to the second step of the form…
I realize this isn’t super secure, but is it acceptable? if not, what improvements can be done?
As long as your link is a bit random, people won’t be able to “guess” it ; so, you should be OK, I suppose, as long as your “salt” is not the same for everyone (I guess it’s some kind of random data your generate for each user ?)
Maybe you could have a “password” field on the first step of the form, and, if users arrive to the second step of the form via the link in the e-mail, they should re-type this password, to confirm they know it ?
I am not sure it is really necessary, but it might be seen by your users as a security measure (and some people like when the websites they are using are (or, at least, look like) secure).
Another nice thing to have would be for the link to be valid only a couple of days, maybe — if that’s suitable with the needs of your application.