php, guid, user-management

Shorter GUIDs than hashing a user id?


I'm wondering how Instapaper (bookmarklet that saves text) might generate URLs for their bookmarklet.

Mine has a script src of something similar to www.instapaper.com/j/AnJHrfoDTRia

The quality of these URLs is that they need to never collide, and not be really guessable (so other people can't save to your account).

I know a simple approach might be to MD5 their email address (presumed to have been checked on signup for uniqueness), but then I'd end up with a super long string. This isn't a huge issue, but I'm wondering what techniques there are for shorter GUIDs that won't collide too often (this is obviously the tradeoff, but 12 characters above is pretty short in my opinion).


Solution

  • MD5 the username. Take the first X characters of the resulting MD5 hash. Check to see if there is already a URL token with that value in the DB. If so, take the first X+1 characters and try that (and so on). If not, then you have your token for that user. Store the token in the DB and look it up there from now on - don't try to re-create the token from the username each time or whatnot.

    You could probably start with X=7 and do fine (no more than 1-2 tries for the vast majority of token generations).

    Also, you may want to add something else into the hash calculation (say, their or a random number) just to make it harder to predict a given user's token.
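
The procedure in the answer above, as an added PHP example that is not part of the original answer. `TokenStore` and `issueToken` are hypothetical names, an in-memory array stands in for the DB table, and the extra value mixed into the hash is assumed to be 16 bytes from `random_bytes()`.

```php
<?php
// Added example: TokenStore and issueToken are hypothetical names.
// The arrays stand in for a DB table with a UNIQUE index on the token column.
final class TokenStore
{
    private array $byToken = [];   // token => username
    private array $byUser  = [];   // username => token

    public function tokenFor(string $username): ?string
    {
        return $this->byUser[$username] ?? null;
    }

    // Returns false when the token is already taken (the unique-constraint case).
    public function claim(string $token, string $username): bool
    {
        if (isset($this->byToken[$token])) {
            return false;
        }
        $this->byToken[$token] = $username;
        $this->byUser[$username] = $token;
        return true;
    }
}

function issueToken(TokenStore $store, string $username, int $startLen = 7): string
{
    // Look up the stored token; never re-derive it from the username.
    $existing = $store->tokenFor($username);
    if ($existing !== null) {
        return $existing;
    }
    // Mix a random value into the hash so the token cannot be computed
    // from the username alone. random_bytes() draws from a CSPRNG.
    $digest = md5($username . bin2hex(random_bytes(16)));   // 32 hex chars
    for ($len = $startLen; $len <= strlen($digest); $len++) {
        $candidate = substr($digest, 0, $len);   // first X, then X+1, ...
        if ($store->claim($candidate, $username)) {
            return $candidate;
        }
    }
    // Even the full digest was taken: draw a new random value and retry.
    return issueToken($store, $username, $startLen);
}

// Constructed sample users; the repeated address gets its stored token back.
$store = new TokenStore();
foreach (['alice@example.com', 'bob@example.com', 'alice@example.com'] as $u) {
    printf("%-20s %s\n", $u, issueToken($store, $u));
}
```

Each hex character carries 4 bits, so a 7-character token has only 2^28 possible values; raise `$startLen` if the token must resist online guessing as well as collisions. In a real database, let the UNIQUE index arbitrate concurrent claims instead of a separate check-then-insert.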