First time I used a QL was probably around the 2008 or at least that I noticed…I don’t think is a really new technology but as a concept still there’s not many companies implementing them. I see it a lot in newsletters from “groupon” clones or online shops.
Quick Login or Click & Login, is a really useful tool that you will love if you use it correctly.
How it works?
You generate a link that normally is sent via email and that after clicking the link the user would be login and redirected to the desire target.
Imagine want to send a newsletter to users that they didn’t visit you in a really long time. Probably when you add a link to your site or to their panel or to an specific action, they won’t be able to do the action or visit the page. The solution a Quick Login. Click and go!
Imagine to allow users to pay directly from the email or at least bringing him directly to the payment gateway! In many companies I worked with this made a difference in sales 😉
How to
Structure of the link:
http://yourdomain.com/ql/HASHKEY
On the controller QL we read the hashkey that was previously encrypted with a 2 way algorithm for example using mcrypt.
In this hash we include an expire date so we can expire the link a user identifier and the target URL.
The Expire date is just a security measure to avoid using old generated QL.
Extra security
We had always many fights about how to secure more the QL. What happens if someone forwards the email to a friend? or if you click to different ones?
Well we can add some extra security by using a token. So every time you generate a QL you generate a QL token that belongs to that QL and once is used we disable the token.
You will say, ok this doesn’t actually fix the problem….we did too add a comparison of the user agent to check that at least is the same as the last browser the user used. In worst scenario if the user changed the browser he will be redirected to the login page, but hey! if is the same person he would be logged in and that is much better than before, no?