Email confirmation token delete

In my app I have a confirmations controller. When the user goes to the page with the token it says thank you for confirming… and redirects to the home page.

Should I delete the token out of the db once the verified column is true?


That’s up to you! Just be sure that if the user happens to click the link again (or reload the page) they don’t get an error.

Also, consider whether you really need to confirm the users email address. See the bit on email confirmation here:

@derekprior I do need the confirmation as I need the users to have the company’s email address. I have a validation to make sure it is the companys domain in the email address and then I need them to confirm they are from that company.

I think that once you confirm the user you could write down confirmed_at time to a field and delete a token. Then if a user wants to change his email you’d have to generate another token and do the checking again. I think looking at Devise’s TokenAuthenticatable would give you some ideas on the possible implementation. Hope it helps.