The first visit to an invite_page should set a flag in the database that it has been visited.
Later visits to the invite_page should check the flag, if it is set then it should only show the page if the "phone_number" session matches. Otherwise it should show an error, or even better: redirect to a general landing page
This will prevent the genuine invitee from sharing forwarding his invite SMS (as long as he viewed it himself first), while also allowing the genuine invitee to view the invite_page multiple times (his mobile browser will have the correct session data). This is important in case he doesn't immediately install the app, but rather later on opens the SMS and clicks the link again
The first visit to an invite_page should set a flag in the database that it has been visited.
Later visits to the invite_page should check the flag, if it is set then it should only show the page if the "phone_number" session matches. Otherwise it should show an error, or even better: redirect to a general landing page
This will prevent the genuine invitee from sharing forwarding his invite SMS (as long as he viewed it himself first), while also allowing the genuine invitee to view the invite_page multiple times (his mobile browser will have the correct session data). This is important in case he doesn't immediately install the app, but rather later on opens the SMS and clicks the link again