Hi there, I'd like to send an email to confirm the user identity after he has self-registered on my web app. I think that sending a URL with the action path and the user ID is not a good idea. Can anyone give me a suggestion or some links to resources out on the web?
You can encode the user ID (and whatever other info you need) and associate the encoded number/characters with the user. For example, generate a simple hashCode (or something more sophisticated) from the user ID, and store both pieces of info in your DB. Send the link to the user with that encoded info as a URL parameter. When the user clicks on it, you can get the encoded URL parameter and retrieve the user ID from the database. I think that's what most real-life systems do.
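The store-and-look-up flow from the reply above, as an added example that is not part of the thread: it takes the "something more sophisticated" route and uses a random token that is independent of the user ID, keeping only its SHA-256 digest in the database. The table name, function names, 24-hour lifetime and `https://app.example/confirm` URL are assumptions made for illustration.

```python
import hashlib
import secrets
import sqlite3
import time

TOKEN_TTL_SECONDS = 24 * 3600  # assumed validity window for the emailed link

def open_db():
    """In-memory table mapping a token digest to the user it confirms."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE email_confirmation ("
        " token_hash TEXT PRIMARY KEY,"
        " user_id INTEGER NOT NULL,"
        " expires_at REAL NOT NULL)"
    )
    return db

def _digest(token):
    # Only the digest is stored, so a copy of the table does not yield usable links.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()

def issue_confirmation_link(db, user_id, base_url, now=None):
    """Create a random token, store its digest with the user ID, return the URL to email."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG, unrelated to user_id
    db.execute(
        "INSERT INTO email_confirmation VALUES (?, ?, ?)",
        (_digest(token), user_id, now + TOKEN_TTL_SECONDS),
    )
    db.commit()
    return f"{base_url}?token={token}"

def confirm(db, token, now=None):
    """Return the user ID for a valid token and consume it; None if unknown, used or expired."""
    now = time.time() if now is None else now
    row = db.execute(
        "SELECT user_id, expires_at FROM email_confirmation WHERE token_hash = ?",
        (_digest(token),),
    ).fetchone()
    if row is None:
        return None
    # Delete on first lookup so the link works once, whether or not it has expired.
    db.execute("DELETE FROM email_confirmation WHERE token_hash = ?", (_digest(token),))
    db.commit()
    user_id, expires_at = row
    return user_id if now <= expires_at else None
```

The web handler for the confirmation path would pass the `token` query parameter to `confirm()` and mark the returned user as verified; the user ID never appears in the URL.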