I'm working on a site which will be accessed by personnel behind firewall which appears to be "tasting" the one-shot urls sent in the new account and request new password e-mails.
Users were complaining that when they received the welcome email when they created a new account, it was already reading as though it had been used. We determined that their mail-gateway/firewall was actually accessing the url in the email before determining that it was "safe" and allowing the url to appear in the email that the users saw. (URL's deemed "unsafe" are not shown to users)
So, I'm looking for suggestions for workarounds. For new accounts, we can not require email verification and instead require moderator approval and I suppose we could have the request password change link instead send an email to admins for them to change the user's password. That's hardly ideal though.
The only other ideas I have are to make the links permanent or to make them three-use links or something, neither which seems like a good way to do it either.
Has anyone else faced this problem and, if so, how did you get around it?
Many thanks,
Barrett
Comments
bumping...with fingers
bumping...with fingers crossed
last ditch bump before giving
last ditch bump before giving up
I am having the same problem.
I am having the same problem. User registration works just fine when no admin approval is required, but when it is and sends email w/ link to one-time login, reads as though it had already been used.