Disable link after click sent through JavaMail

Question

I am using java mail and activation to send email to the user. When user clicks forget password, a mail is to be triggered to user email with link for resetting the password.

I dont want user to use same link again, so when he clicks the link from email...the link should get disabled..

I am not sure how to do it...

String body = "<a href='resetpage.jsp'>Reset Password</a>";
Message message = new MimeMessage(session);
        message.setFrom(new InternetAddress(username));
        message.setRecipients(Message.RecipientType.TO,
            InternetAddress.parse(email));
        message.setSubject("Password Reset");
                    MimeBodyPart mbp = new MimeBodyPart(); 
        mbp.setText(body, "UTF-8", "html");

                    Multipart multipart = new MimeMultipart();
                    multipart.addBodyPart(mbp);

                    message.setContent(multipart);

        Transport.send(message);

From this code, i am getting the link in email..but now after user click the link in email..the link should get disabled..or i want to make sure..when user clicks the same link again it should not work..

Answer 1

If I understand you correctly you would like to enable the user to click a link that will achieve some functionality and thereafter invalidate the link to ensure that it cannot be reused for performing another change.

What I would suggest is:

• Generate a token of some sort UUID.randomUUID().toString() would work nicely.
• Store the token in the database with something to indicate who it was for and what function it would allow (Joe Soap, Password reset)
• Send a URL to the user including ?token=[token_string_here]
• When the page loads check the token exists and display the function you wish to make available.
• When the code makes a change to the user / account, check that the token exists again before performing the action and then delete the token from the database