[Mailman-Developers] Re: GET vs POST (was Re: subscription confirmations)

Chuq Von Rospach chuqui@plaidworks.com
Wed, 18 Jul 2001 11:14:03 -0700


On 7/18/01 11:02 AM, "Dale Newfield" <Dale@Newfield.org> wrote:

> You're making the assumption that people can "click this button" in their
> mail readers.  We don't know that.  We do know that once they are looking
> at the page in their web browser, they can definitely "click this button"
> to confirm (or do nothing).

The answer is this:

In the confirming email, you say something like:

To confirm your subscription, please use this link:

    http://www.foo.com/mailman/confirm/XXXXXX

If this link doesn't work for you, then go to
http://www.foo.com/mailman/confirm, and use code XXXXXX to confirm your
subscription.

If someone goes to /confirm, it brings up a page querying them for the
confirmation number, which is some value that Mailman generates to link the
user to the confirmation request. The shorter the better, so don't use
things like e-mail address -- generate a unique value, and (as always) make
it case insensitive, and watch out for the normal gotchas, like '1' and 'l'
or '0' and 'O'. Don't assume they're going to be able to suck the code out
of the URL, don't assume they'll cut and paste, and don't assume they can
take a long string and type it in without typos. So keep it short and clean.
Five or six characters, preferably [A-Z0-9], and don't presume English,
since Mailman is international. So it's better to use unambiguous random
characters than English-like passwords...

-- 
Chuq Von Rospach, Internet Gnome <http://www.chuqui.com>
[<chuqui@plaidworks.com> = <me@chuqui.com> = <chuq@apple.com>]
Yes, yes, I've finally finished my home page. Lucky you.

Always look away from the obvious answers, because if you don't find
a better one, you can always go back to them on short notice.
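
The confirmation-code scheme described in the message above, sketched as an added example; it is not part of the original post and not Mailman's own code. The Crockford-style alphabet, the three-day expiry, the in-memory table and all function and class names are assumptions made for illustration.

```python
import secrets
import time

# Assumption: Crockford-style Base32 alphabet (no I, L, O, U), a subset of [A-Z0-9].
ALPHABET = "0123456789ABCDEFGHJKMNPQRSTVWXYZ"
CODE_LEN = 6               # 32**6 = 2**30 possible codes
TTL_SECONDS = 3 * 86400    # assumption: pending requests expire after three days

# Look-alikes a user may type are folded onto the symbol the alphabet keeps;
# spaces and hyphens inside the code are dropped.
_FOLD = str.maketrans({"O": "0", "I": "1", "L": "1", " ": None, "-": None})


def new_code():
    """Draw each symbol from the OS CSPRNG; nothing derived from the address."""
    return "".join(secrets.choice(ALPHABET) for _ in range(CODE_LEN))


def normalize(typed):
    """Case-insensitive, tolerant of spacing and of 0/O and 1/l/I confusion."""
    code = typed.strip().upper().translate(_FOLD)
    if len(code) != CODE_LEN or any(c not in ALPHABET for c in code):
        return None
    return code


class PendingConfirmations:
    """In-memory stand-in for the table linking a code to a pending request."""

    def __init__(self, clock=time.time):
        self._pending = {}     # code -> (address, expiry timestamp)
        self._clock = clock

    def issue(self, address):
        code = new_code()
        while code in self._pending:   # keep codes unique among open requests
            code = new_code()
        self._pending[code] = (address, self._clock() + TTL_SECONDS)
        return code

    def confirm(self, typed):
        """Return the confirmed address, or None. A code works only once."""
        code = normalize(typed)
        entry = self._pending.pop(code, None) if code else None
        if entry is None or entry[1] < self._clock():
            return None
        return entry[0]
```

A six-character code from this alphabet carries 30 bits, so the expiry and single-use behaviour matter; limiting guesses per client on the /confirm form is left to the web front end.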