Password Reset Page


#1

Hi Zed. First off, I just want to say that I really appreciate your books. They’re very easy to follow and understand, even if the exercises themselves aren’t.

Anyways, here goes. So I’m making a habit for myself to change important passwords at the start of every month. So I came here to change this one. I noticed that when the user clicks on your password reset item, you send an email with a link. I just find this somewhat interesting as most sites automatically redirect a user to a password reset page or open up fields right on that page. Is there a particular reason you’ve chosen the method you did? Is this actually more secure than what most websites do? It’s necessarily good or bad; I’m just curious.


#2

Exactly, I have my own wonders about this procedure


#3

As long as I’m aware, @zedshaw uses for this forum the Discourse-Software.
It is from Jeff Attwod (one of the founders of StackOverflow ) and his team. Maybe you find an answer of your question on their homepage.


#4

You mean even if you’re logged in it sends you an email? No idea why they do that, but it might provide extra security. I actually didn’t write this software so I’m not sure why.