Home/ Questions/Q 146455
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-11T08:36:22+00:00

When a user signs up in our Struts application, we want to send them

  • 0

When a user signs up in our Struts application, we want to send them an email that includes a link to a different page. The link needs to include a unique identifier in its query string so the destination page can identify the user and react accordingly.

To improve the security of this system, I’d like to first encrypt the query string containing the identifier and second set the link to expire–after it’s been used and/or after a few days.

What Java technologies/methods would you suggest I use to do this?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. I’m going to make some assumptions about your concerns:

    1. A user should not be able to guess another user’s URL.
    2. Once used, a URL should not be reusable (avoiding session replay attacks.)
    3. Whether used or not, a URL shouldn’t live forever, thus avoiding brute-force probing.

    Here’s how I’d do it.

    • Keep the user’s ID and the expiration timestamp in a table.
    • Concatenate these into a string, then make an SHA-1 hash out of it.
    • Generate a URL using the SHA-1 hash value. Map all such URLs to a servlet that will do the validation.
    • When someone sends you a request for a page with the hash, use it to look up the user and expiration.
    • After the user has done whatever the landing page is supposed to do, mark the row in the database as ‘used’.
    • Run a job every day to purge rows that are either used or past their expiration date.
    • 0