I'd like to offer a way for me to "resend confirmation" email to users who have recently signed up for accounts at my site.
What is a good way to look up their info and make sure the request came from them?
They are able to log in without confirming their email. I was thinking I would use jquery.post to send their id to a page, which looks up their email and resends the confirmation. Is this secure enough?
If I have a session set in one page where I am sending a jquery.post from, will the session variables be passed to the page I post to?
The cookie identifying the user's session will be passed along when the jQuery post is sent, which will automatically populate $_SESSION.
Make sure you store their user ID in their session, not as a separate cookie that the user could tamper with.
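
A sketch of the receiving page along the lines of the answer above, as an added example that is not part of the original post: the handler takes the user ID from the session and ignores any id in the POST body. The session keys (`user_id`, `csrf_token`, `last_resend`), the CSRF token check, the 300-second throttle, and the `$findUser`/`$sendMail` callables are assumptions added for illustration, and the users and addresses are constructed sample data.

```php
<?php
declare(strict_types=1);

// Hypothetical handler for the "resend confirmation" POST. The session keys
// and both callables are assumptions, not code from the original post.
function handle_resend(array &$session, array $post, callable $findUser,
                       callable $sendMail, int $now): array
{
    // Identity comes only from the server-side session, never from $post['id'].
    $userId = $session['user_id'] ?? null;
    if (!is_int($userId)) {
        return [401, 'not logged in'];
    }
    // Reject cross-site posts: the token was put in the session at page render.
    $token = $post['csrf_token'] ?? '';
    if (!is_string($token) || !isset($session['csrf_token'])
        || !hash_equals($session['csrf_token'], $token)) {
        return [403, 'bad token'];
    }
    // Throttle so the endpoint cannot be used to flood a mailbox.
    if ($now - ($session['last_resend'] ?? 0) < 300) {
        return [429, 'try again later'];
    }
    $user = $findUser($userId);
    if ($user === null || $user['confirmed']) {
        return [409, 'nothing to confirm'];
    }
    $sendMail($user['email']);
    $session['last_resend'] = $now;
    return [200, 'confirmation sent'];
}

// Constructed demo data standing in for the users table and the mailer.
$users = [
    7 => ['email' => 'alice@example.test', 'confirmed' => false],
    8 => ['email' => 'bob@example.test', 'confirmed' => false],
];
$find = fn(int $id): ?array => $users[$id] ?? null;
$sent = [];
$mail = function (string $to) use (&$sent): void { $sent[] = $to; };

$session = ['user_id' => 7, 'csrf_token' => 'constructed-token-value'];
// The client posts another user's id; the handler never reads it.
$post = ['id' => '8', 'csrf_token' => 'constructed-token-value'];
print_r(handle_resend($session, $post, $find, $mail, 1000)); // first request
print_r(handle_resend($session, $post, $find, $mail, 1060)); // 60 seconds later
print_r($sent); // addresses the mailer was asked to send to
```

On a real page, call `session_start()` first and pass `$_SESSION`, `$_POST` and `time()` in place of the demo values.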