Vishal Pandya wrote:I still have some doubts.
doubt = "I understand it, but I don't agree with it.".
You have some
questions "I don't understand it".
1) In case I use a Preshared key, I can ask the user to enter it at the registration time,right?
No. You generate it yourself based on for example the username and a string constant which is only known at the server side.
2) Is it good practice to expire the activation link? What is good/benefit of that?
It's normal that an user activates its account immediately after registration. But OK, that's your choice after all.
3)
Bauke
Then the key can be removed from the DB
.
Is it because there is a chance of getting it repeated?
No. Just to clean up data which you aren't going to use anymore.
4)
Bauke
it makes no sense to set the 'activated' in the key's table of the DB, keep it in the user tableit makes no sense to set the 'activated' in the key's table of the DB, keep it in the user table
You mean we should keep it in only Login table, right?
I would call it the User table. You have users in there, not logins.