Account verifying seems flawed #15
Labels
Comments
|
Oops! yea, was supposed to be setInterval. Yea I thought about the up to 1 hour issue, keeping a queue is a fancier version of what I imagined as the fix which would have been just to iterate the whole thing every hour. Can you make a PR fixing the |
|
I'm new to this. I'll try now |
|
@fxfactorial done |
|
Was fixing all of this; but shouldn't we store this in the database. so the links set will survive a server restart? |
|
Yes, I think the link along with its creation date (for checking if it's expired) should be stored in the database. |
|
Yes, that's the correct thing to do
…Sent from my iPhone
On Dec 29, 2016, at 6:46 PM, Sparik Hayrapetyan ***@***.***> wrote:
Yes, I think the link along with its creation date (for checking if it's expired) should be in the database.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or mute the thread.
|
|
Ok, already have it locally :) will PR later. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I think this is supposed to be a setInterval instead of setTimeout. Otherwise it will clear the object only once, then the object will keep growing.
Even with that fix, an account verification link may be valid not for 1 hour, but for up to 1 hour. It may be valid for 1 second if a user registers 1 second before the register_email_users cleanup. This may be fixed by keeping a queue of registered users, pushing when a user registers and the link is sent, and poping all expired links every 1 hour, for example. Also this will make the implementation of 're-send the link' easier.
The text was updated successfully, but these errors were encountered: