I’ve got a web site sending someone a confirmation email.
Now in the email I would like to have a link the user has to click to confirm he received the mail.
I’d like to include the user’s password (or some random code) in the confirmation address, so the user does not need to enter it by hand again, but if I do this, the password will end up in the browser history and the log files.
Is there any other way to get a confirmation link in an email to send information like a user name and password, without it ending up in the link somehow?
Is it, for example, possible to have an input form in an email and send the password as POST instead of GET?
The way this usually works is that the confirmation email contains a link that includes a GUID (Globally Unique Identifier) of some sort. The GUID is associated with the user’s account. When the link is clicked, the web application simply sets the confirmation flag and logs the user in using the GUID rather than the usual username and password combination.
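A sketch of the scheme described in the answer above, added here as an example and not code from the original post. It swaps the GUID for a value from Python's `secrets` module, and it assumes a 24-hour lifetime, single-use codes, an in-memory store and the `example.test` URL, none of which the page specifies.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 24 * 3600  # assumed lifetime; the page does not give one

# Stand-ins for the application's database tables (constructed sample data).
users = {"alice": {"confirmed": False}}
pending = {}  # sha256(token) -> (username, expiry timestamp)


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


def issue_confirmation_link(username, base_url="https://example.test/confirm", now=None):
    """Create a random code tied to the account and return the link to e-mail."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 32 random bytes from the OS CSPRNG
    # Store only the hash, so a leaked table cannot be turned back into links.
    pending[_digest(token)] = (username, now + TOKEN_TTL_SECONDS)
    # The link carries the random code only: no username, no password.
    return f"{base_url}?token={token}"


def confirm(token, now=None):
    """Set the confirmation flag; return the username, or None if rejected."""
    now = time.time() if now is None else now
    # pop() makes the code single-use: the copy left in browser history or
    # server logs is worthless after the first click.
    entry = pending.pop(_digest(token), None)
    if entry is None:
        return None  # unknown or already used
    username, expires = entry
    if now > expires:
        return None  # expired
    users[username]["confirmed"] = True
    return username


if __name__ == "__main__":
    link = issue_confirmation_link("alice")
    print(link)
    print(confirm(link.split("token=", 1)[1]))
```

Because the code is consumed on first use and expires, its appearance in history and log files no longer exposes a reusable credential, which is the concern raised in the question.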