in reply to Ideas for implementing download links that expire, via e-mails

I'd use this technique:

  1. User requests that link be generated
  2. A random string (such as 1234567890abcdef) is generated and stored with its time of creation. A database is the logical tool to use for this storage.
  3. The link is generated using that random string, probably in the query string. e.g. http://example.com/foo.cgi?user=dorward;token=1234567890abcdef
  4. Link is emailed to user

Then, when the link is activated, the CGI script would look up the string (I'd add a WHERE clause in the SQL query to say "where time created is greater than now - 24 hours"). If the query returns a result, then the link is OK, otherwise the user gets an "invalid or expired link" message that suggests they check they copied it correctly (watch for word wrap) and offers them a chance to generate a new one.

A regular process (probably triggered by cron) would then delete old entries from the database.

This is the type of thing that would be used for mailing list confirmation emails. I wrote something along those lines for a "Forgotten your password" section of a website.

The technique generates randomish tokens to identify users, but that is about as similar as it gets to sessions.

Re^2: Ideas for implementing download links that expire, via e-mails
by polettix (Vicar) on Apr 22, 2005 at 10:08 UTC
    A regular process (probably triggered by cron) would then delete old entries from the database.
    You can avoid this by calling the purging mechanism each time you generate or go looking for a link. Moreover, I'd put this purging call before the actual search for the required item, so that you can get rid of the WHERE clause.
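    # Purge expired rows first, so the lookup only ever sees live tokens
    $dbh->do('DELETE FROM tmp_downloads WHERE expiration < NOW()');
    # prepare() takes no bind values; the token is bound at execute()
    my $sth = $dbh->prepare('SELECT * FROM tmp_downloads WHERE token = ?');
    $sth->execute($token);
    # ... and so on...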
    I think you're willing to accept the slight race between the DELETE and the SELECT - it would mean that a particularly lucky guy could download stuff in the very few instants between the two queries if the expiration happens right in the middle :)

    Flavio (perl -e 'print(scalar(reverse("\nti.xittelop\@oivalf")))')

    Don't fool yourself.
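
The procedure from the first post with the purge-on-lookup from the reply above folded in, as an added example that is not code from either poster. It assumes DBD::SQLite is installed; the `created` column and the sub names `new_token`, `create_link` and `check_link` are assumptions. The expiry test stays in the SELECT, so a token's validity never depends on when the purge last ran.

```perl
# Added example, not code from the thread. Column and sub names are assumptions.
use strict;
use warnings;
use DBI;

my $TTL = 24 * 60 * 60;    # link lifetime in seconds (the 24 hours above)

# In-memory SQLite keeps the example self-contained (assumes DBD::SQLite).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1 });
$dbh->do('CREATE TABLE tmp_downloads (
    token TEXT PRIMARY KEY, user TEXT NOT NULL, created INTEGER NOT NULL)');

# Steps 2-3: 128 bits from the kernel CSPRNG, hex-encoded for the URL.
sub new_token {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    my $n = read($fh, my $buf, 16);
    die "short read from /dev/urandom" unless defined $n && $n == 16;
    close $fh;
    return unpack 'H*', $buf;
}

sub create_link {
    my ($user, $now) = @_;
    my $token = new_token();
    $dbh->do('INSERT INTO tmp_downloads (token, user, created) VALUES (?, ?, ?)',
        undef, $token, $user, $now);
    return $token;
}

# Lookup: purge first (housekeeping), but keep the expiry test in the SELECT
# so validity never depends on when the purge last ran.
sub check_link {
    my ($user, $token, $now) = @_;
    return 0 unless defined $token && $token =~ /\A[0-9a-f]{32}\z/;
    $dbh->do('DELETE FROM tmp_downloads WHERE created <= ?', undef, $now - $TTL);
    my ($hit) = $dbh->selectrow_array(
        'SELECT 1 FROM tmp_downloads WHERE token = ? AND user = ? AND created > ?',
        undef, $token, $user, $now - $TTL);
    return $hit ? 1 : 0;
}

# Constructed demo: times are passed in so expiry can be shown without waiting.
my $t0    = time;
my $token = create_link('dorward', $t0);
print "http://example.com/foo.cgi?user=dorward;token=$token\n";
printf "after 1 hour:   %s\n", check_link('dorward', $token, $t0 + 3600)    ? 'ok' : 'invalid or expired';
printf "wrong token:    %s\n", check_link('dorward', 'f' x 32, $t0 + 3600)  ? 'ok' : 'invalid or expired';
printf "after 25 hours: %s\n", check_link('dorward', $token, $t0 + 25*3600) ? 'ok' : 'invalid or expired';
```
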
Re^2: Ideas for implementing download links that expire, via e-mails
by ghenry (Vicar) on Apr 23, 2005 at 20:33 UTC

    This is how I imagined the process.

    To be fair, I should have actually shared my thoughts on how I saw this problem being solved, instead of being lazy and waiting for someone to give me the answer (which I find myself doing more and more these days for some reason :( ).

    Walking the road to enlightenment... I found a penguin and a camel on the way.....
    Fancy a yourname@perl.me.uk? Just ask!!!