Contribution Date
Technology
Contribution Project
Contribution Details
@greggles hey, I know core one-time-login url could have been better option, but there is another feature which this module will have, i.e the statistics which shows login counts and login request counts for an email Id respectively. This would not be possible with core one-time login URL system.
In current one-time-url system every time user requests a login link, the old one-time-url (if any) gets expired and the newly generated URL is valid for next 24 hours only. So I don't understand how these links are guessable ?, since the links being generated is a hash of timestamp and email Id and some random numbers combination as well.
I would like to have your inputs on improving security of current URL system being implemented in this module.
Contribution Issue Link
Files count
0
Patches count
0