Hi Zed. First off, I just want to say that I really appreciate your books. They’re very easy to follow and understand, even if the exercises themselves aren’t.

Anyways, here goes. So I’m making a habit for myself to change important passwords at the start of every month. So I came here to change this one. I noticed that when the user clicks on your password reset item, you send an email with a link. I just find this somewhat interesting as most sites automatically redirect a user to a password reset page or open up fields right on that page. Is there a particular reason you’ve chosen the method you did? Is this actually more secure than what most websites do? It’s necessarily good or bad; I’m just curious.

Exactly, I have my own wonders about this procedure

As long as I’m aware, @zedshaw uses for this forum the Discourse-Software.
It is from Jeff Attwod (one of the founders of StackOverflow ) and his team. Maybe you find an answer of your question on their homepage.

You mean even if you’re logged in it sends you an email? No idea why they do that, but it might provide extra security. I actually didn’t write this software so I’m not sure why.