What’s that about?
Every online business that deals with user needs to solve user registration problem.
PostJobFree.com is not an exception.
- How to preserve user data and make it available to the user later?
- How to create new account and did not distract user from her task in hand?
- How to deal with account recovery in case when user forgot her password?
User account management is tricky.
Here is what we come up with in our latest iteration of user account management on PostJobFree.com
Account registration use case
To illustrate, let us consider the scenario when job seeker applies for a job.
Here’s an example of the job that user might apply
If user is new – PostJobFree asks for email address.
That allows us to immediately attach email to new user account.
But what username should we use?
Our current approach is to use randomly generated username. The username stays randomly generated until user confirms her email.
As soon as user confirms her email (by clicking email confirmation link in email that PostJobFree sends to the user after initial registration), PostJobFree automatically assigns username that is equal to user email.
In addition to that, PostJobFree generates account password and emails both username and password to the user.
User accounts merge
What if PostJobFree already has other accounts with the same email?
This is trickier that just totally new registration. Our solution is to automatically merge two accounts together. Generally we merge all user data into oldest account.
Merge means that SQL code goes through every table that keeps various user data and merges @fromUserId records into @toUserId records.
PostJobFree also auto-logins user who just confirmed her email into her account.
Security considerations
What if malicious user Chuck created account with Alice’s email?
If Alice later creates an account with her email, then she may get her account merged with Chuck’s account. That may bring Chuck’s data into Alice’s account. Such data is unwanted by Alice and could potentially be harmful (e.g. spam).
In order to avoid that problem, PostJobFree does NOT merge accounts that do not have their email confirmed.
Conflicting usernames
What if Chuck registered his account with alice@gmail.com username and chuck@gmail.com email (username is different from email, and email does not belong to Chuck)?
When Alice confirms her email and PostJobFree creates new account for Alice, her perspective username alice@gmail.com is already taken by Chuck.
In this case PostJobFree takes away alice@gmail.com username from Chuck’s account and gives it to Alice’s account.
Chuck gets either chuck@gmail.com username (if Chuck’s email is confirmed) or randomly generated username (if Chuck’s email is not confirmed).
Username and password settings flexibility
Most users don’t want to spend time on choosing their username and are happy when PostJobFree does it for them. However some users still want to use their own username.
In order to support that case, PostJobFree has page that allows user to change username to anything user likes (except usernames that are already taken).
Similarly, user can change password, but most users don’t bother, so PostJobFree tries not to distract users by requesting that.
User workflow
1) Alice opens job description page.
2) Alice clicks “Apply now” button.
3) Alice enters her job application {Email, message, resume) and clicks “Send message”.
At this moment PostJobFree creates new account for Alice and sends her email with “confirm email” link.
After sending email (which is fast), PostJobFree redirects Alice to the next page where it asks Alice to publish her resume.
After Alice publishes her resume (or skips that screen), PostJobFree redirects Alice to the next screen – setup job search alert.
Next screen is list of jobs that PostJobFree thinks might be relevant to Alice.
The main goal here is to walk Alice through all required business screens without distracting her by account registration forms.
Notice that Alice has her account already, and as soon as she confirms her email – she would automatically get username and password.
Questions?
Please let me know if you have any questions or pitfalls that you see in such approach to seamless account registration.