Open flamisz opened 7 years ago
As we put the `Auth::user()` into the head section, the user can see the `confirmation_token`. He can fake the confirmation by hitting the proper route with this param.
The `confirmation_token` should be a hidden attribute in the `User` model.
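The fix proposed in this issue, sketched as an added example that is not this project's own code. It assumes a stock Laravel `App\User` model, that the head template serializes `Auth::user()` to JSON, and that the `id`, `name` and `email` columns exist; `forFrontend()` is a hypothetical helper.

```php
<?php

namespace App; // assumption: default namespace of the stock Laravel User model

use Illuminate\Foundation\Auth\User as Authenticatable;

class User extends Authenticatable
{
    /**
     * Attributes listed here are dropped by toArray()/toJson(), which is what
     * json_encode(Auth::user()) goes through, so they never reach the page.
     * Server-side code can still read $user->confirmation_token directly.
     */
    protected $hidden = [
        'password',
        'remember_token',
        'confirmation_token',
    ];

    /**
     * Hypothetical helper: an explicit allow-list of what the browser gets.
     * A column added to the table later stays private unless it is named
     * here, which a deny-list like $hidden cannot guarantee.
     * Column names are assumptions.
     */
    public function forFrontend(): array
    {
        return $this->only(['id', 'name', 'email']);
    }
}
```

With the helper in place, the head template would emit `Auth::user()->forFrontend()` instead of the whole model.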