Why use e-mail to activate a user? To make sure the mailbox address is correct and actually exists. (A regular expression can only check that an address is correctly formatted, not that it is genuine.)
http://...../UserController.ashx?action=active&username=ABC (This is vulnerable, because someone who never opens the mailbox can still work out how to activate.)
1. The user should have to open the mailbox before knowing how to activate!
http://...../UserController.ashx?action=active&username=ABC&activeCode=232323
2. Where should the activation code be stored?
In the session? No, because if the browser used to register and the browser used to activate are not the same browser, the activation code will not be available in the new browser, and activation fails!
The database is the best place to store the activation code!
But because the activation code is used only once, adding a field to the registered-user table is a bit wasteful! My practice is to put the activation codes into a separate table!
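An added example, not code from the original page, of the design described above, written in Python with SQLite rather than the page's ASP.NET handler: the activation code lives in its own table and its row is deleted once it has been used. The table names, function names and the use of a long random token instead of a short numeric code are assumptions.

```python
import hmac
import secrets
import sqlite3

def open_db():
    """In-memory SQLite database with a users table and a separate activation table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT NOT NULL,
                            is_active INTEGER NOT NULL DEFAULT 0);
        CREATE TABLE activation_codes (username TEXT PRIMARY KEY
                                       REFERENCES users(username),
                                       code TEXT NOT NULL);
    """)
    return db

def register(db, username, email):
    """Create an inactive user and return the code to put in the e-mailed link."""
    code = secrets.token_urlsafe(32)  # assumption: random token, hard to guess
    with db:
        db.execute("INSERT INTO users (username, email) VALUES (?, ?)", (username, email))
        db.execute("INSERT INTO activation_codes VALUES (?, ?)", (username, code))
    return code

def activate(db, username, code):
    """Activate the user only if the code matches; the code row is deleted on success."""
    row = db.execute("SELECT code FROM activation_codes WHERE username = ?",
                     (username,)).fetchone()
    if row is None or not hmac.compare_digest(row[0].encode(), code.encode()):
        return False
    with db:  # one transaction: set the flag and consume the code together
        db.execute("UPDATE users SET is_active = 1 WHERE username = ?", (username,))
        db.execute("DELETE FROM activation_codes WHERE username = ?", (username,))
    return True

def is_active(db, username):
    """Return True once the user has been activated."""
    row = db.execute("SELECT is_active FROM users WHERE username = ?", (username,)).fetchone()
    return bool(row and row[0])

if __name__ == "__main__":
    db = open_db()
    code = register(db, "ABC", "abc@example.com")  # constructed sample user
    print(activate(db, "ABC", "232323"))  # a code that was never issued
    print(activate(db, "ABC", code))      # the code from the e-mailed link
    print(activate(db, "ABC", code))      # the same code presented again
```

Because the lookup goes through the database, the link works from any browser, which is the reason the page gives for not using the session.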
e-mail activation design