by dcm360 217 days ago
> A user may make a typo in the email, and that email might still be a valid email known to work (but for another, unrelated person).

That won't verify. The issuer should check if the request has valid session cookies for the e-mail address that should be verified. This also implies that it just won't work for any service that uses sessions with a short timeout.