I would like to send a link to a user (via email) that expires after a
period of time.
When a user takes a certain action, they are emailed a link that allows
them access to a certain resource.
What I want to do is make it so that the link will work for a period of
time (say 48 hours) and then will
no longer work. I would like the link to look like:
Rails would need to decrypt the url (it doesn’t need to be
cryptographically secure, but it
should be non obvious), determine if the timeframe is still valid and
serve the resource (or not).
I would rather that the timeframe be included in the link instead of
having to do a db lookup.
Are there any gems/plug-ins out there for this? How would I go about
creating it from scratch?
Are there any gems/plug-ins out there for this? How would I go about
creating it from scratch?
Not sure about existing gems, not having looked at this in Ruby or
Rails, but having solved it in another language: you create an entry in
your database with a token and a timestamp. When a user sends the token
back, you check the current time against the tokens associated
timestamp, and reject it if the token is unknown or the timestamp is too
old. (Periodically, you can garden your database to delete any entry
with an old timestamp.)