Retrieve email confirmation token without sending email

The system won’t know whether or not the user’s email is verified until they log in (because it doesn’t know who the specific user is until they log in).

So instead, just immediately log out any user with an unconfirmed email and display an appropriate message.

EDIT

Alternatively, you could of course simply prevent anyone with an unconfirmed email address from accessing “protected” pages / resources - just depends on the nature of your app and the desired user flow.

1 Like