Auto-login from e-mail links
It would be great if a macro could be built that could be used in an e-mail where the recipient simply clicks on a link and they are automatically signed in and directed to their membership profile. Currently, there is a macro that will direct the recipient to their profile, but they still have to manually login to get to it.
Anything we can do to simply the process for members who aren't super computer savy would be great. Having the macro automatically log them in would be a great enhancement. Thought I would post this to see if others also would like to see this function made available.
David Schorow commented
I believe there should have been some update on this issue as this was implemented (not sure in what release). This was done in event emails suggesting that people register. But, in fact, this is a severe security vulnerability. People will readily forward such emails without realizing the consequences, and the recipient of the forwarded email can then log in as the person and do anything on the Wild Apricot system as that person. This feature should be cancelled or made optional.
AdminEvgeny Zaritovskiy (VP Technology of Wild Apricot by Personify, Wild Apricot by Personify) commented
PGBVone - oh, no, this was my very old comments and we did not do this in 4.3 release - otherwise, the post's status would be "Released" (it looks like our migration from previous forums system to current new one changed the dates of all the comment, too bad)
Veronica Scheer commented
Had not thought about how long auto-login link might be active. We go out 90 days after renewal due date before someone is archived and I am guessing once member is archived, link cannot work. I should know this but when is 4.3 scheduled for release or have I totally missed the boat and it is live now?
Veronica Scheer commented
Apricot should consider creating a system MACRO that could be included in the member renewal emails saying CLICK HERE to pay online (no login). This link should be the shortest road to the actual payment system. This would allow automated renewal reminder emails to continue to be sent rather than a single invoice sent only once.
Evgeny Zaritovskiy commented
Sorry for a late reply - somehow we missed this comments.
We do consider this particular feature in our 4.3 release. The way we see it is not like a special "macro" to be inserted into e-mail, but rather that all any link in e-mail auto-login into the site. There will be also a special settings page in the system where you can control this behavior - disable auto-login by e-mail at all, limit how long such links should work (i.e. 24 hours or more) or even reset all links that have ben already sent.