How about simply sending the user a link with a timestamp in the query 
string and a digital signature? Then only allow the operation if the 
signature is valid and the current time is prior to the timestamp. If you 
need to ensure the same user cannot submit the form more than once using 
the same link, you could add a unique code to the URL and store that code 
in the database with the form submission -- then don't allow submissions 
with codes that are already in the database.

Anthony

On Thursday, August 4, 2016 at 10:09:56 PM UTC-4, Dave S wrote:
>
> For support issues, I can imagine having a "one time account".  That is, 
> the account is created, info sent to the person-being-supported, p-b-s logs 
> in and gets a form page to do what needs to be done, and then is logged out 
> and the account disabled.  Any good way to do that without having an admin 
> sitting around watching for p-b-s to show up?
>
> I would probably prefer (as a potential p-b-s) to have a time-limited 
> account, where the login queues a scheduler task that in n hours or n days 
> or whatever does the disabling.  That way, if p-b-s messes up on the first 
> try at the form, there's a grace period for getting it right.  But the 
> original scheme could mostly handle that by having an admin (or support 
> person) re-enable the account.  If the support person is the one who 
> recognizes the error, that would be a natural way of handling it.
>
> Thoughts?
>
> /dps
>
>
>
>
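
The scheme Anthony describes, as an added example that is not part of the original thread or of web2py: an HMAC-SHA256 tag stands in for the "digital signature", and the parameter names (`expires`, `code`, `sig`), the `SECRET` key and the in-memory SQLite table are assumptions made for illustration.

```python
import hashlib, hmac, secrets, sqlite3, time
from urllib.parse import urlencode, parse_qs, urlsplit

SECRET = secrets.token_bytes(32)  # assumption: server-side key, never placed in the URL
db = sqlite3.connect(":memory:")  # stand-in for the application's database
db.execute("CREATE TABLE submissions (code TEXT PRIMARY KEY, body TEXT)")

def _sign(expires, code):
    # expires is an int, so the first "." unambiguously separates the two fields.
    msg = f"{expires}.{code}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def make_link(base_url, ttl_seconds, now=None):
    """Build a link carrying an expiry timestamp, a unique code and a signature."""
    expires = int(now if now is not None else time.time()) + ttl_seconds
    code = secrets.token_urlsafe(16)
    query = urlencode({"expires": expires, "code": code, "sig": _sign(expires, code)})
    return f"{base_url}?{query}"

def submit(url, body, now=None):
    """Accept the form only for a valid, unexpired, not-yet-used link."""
    q = parse_qs(urlsplit(url).query)
    try:
        expires, code, sig = int(q["expires"][0]), q["code"][0], q["sig"][0]
    except (KeyError, ValueError):
        return "malformed"
    # Verify the signature first, in constant time, so an edited timestamp
    # or code is rejected before either value is trusted.
    if not hmac.compare_digest(sig.encode(), _sign(expires, code).encode()):
        return "bad signature"
    if (now if now is not None else time.time()) >= expires:
        return "expired"
    try:
        # The PRIMARY KEY makes the "already used" check atomic, so two
        # concurrent requests with the same link cannot both succeed.
        with db:
            db.execute("INSERT INTO submissions VALUES (?, ?)", (code, body))
    except sqlite3.IntegrityError:
        return "already used"
    return "accepted"
```

Storing the code in the same insert as the form data, rather than checking for it first and inserting afterwards, is what keeps a double submission from slipping through between the check and the write.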
