So I’ve been struggling with a nice and easy way to allow users to access a private page without asking them to fill out a login/password form.
What I’m thinking about using right now is for each private page I generate a uniqueid (using php uniqid function) and then send the URI to the user. He would access his private page as “www.mywebsite.com/private_page/13ffa2c4a”. I think it’s relatively safe and user friendly, without asking too much of information. I thought maybe when the user access this page it would ask for it’s e-mail just to be sure, but the best would be nothing at all.
Is this really safe? I mean not internet banking safe, but enough for a simple access? Do you think there’s a better solution? Thanks. 🙂
If your site is data driven, you could make a unique key like you’re saying and pass that to your user. When the user comes back they would hit a data bound template page which will go and look for that key, if they key is found, then reutrn the elements of the page to them. Once that key is used, you could then deactive it or delete it out of the system so that the template page wouldn’t be able to re-render the same data twice because it couldn’t find that key anymore. You might also want to make sure that you’re not caching that page or putting anything into session (keep as little public as possible).
This is not a great solution, but might be able to work with out forcing someone to login to something.
Good luck, and hope this helps some.