How about simply sending the user a link with a timestamp in the query string and a digital signature? Then only allow the operation if the signature is valid and the current time is prior to the timestamp. If you need to ensure the same user cannot submit the form more than once using the same link, you could add a unique code to the URL and store that code in the database with the form submission -- then don't allow submissions with codes that are already in the database.
Anthony On Thursday, August 4, 2016 at 10:09:56 PM UTC-4, Dave S wrote: > > For support issues, I can imagine having a "one time account". That is, > the account is created, info sent to the person-being-supported, p-b-s logs > in and gets a form page to do what needs to be done, and then is logged out > and the account disabled. Any good way to do that without having an admin > sitting around watching for p-b-s to show up? > > I would probably prefer (as a potential p-b-s) to have a time-limited > account, where the login queues a scheduler task that in n hours or n days > or whatever does the disabling. That way, if p-b-s messes up on the first > try at the form, there's a grace period for getting it right. But the > original scheme could mostly handle that by having an admin (or support > person) re-enable the account. If the support person is the one who > recognizes the error, that would be a natural way of handling it. > > Thoughts? > > /dps > > > > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.