Don't put a long token in an email URL 0 ▲ brtkwr.com 19 hours ago · Tech · hide · 0 comments TL;DR Link to heading Put a long signed token in an email link and you have built a bug that fires deterministically for some recipients and never for others. MIME quoted-printable wraps lines at column 76, some mail providers re-encode the message and mangle the escape that lands on the wrap seam, and if the first seam falls inside the token a single flipped character makes the signature stop matching. The page returns 404. The fix is to keep the URL credential short, an opaque id resolved server-side. But that swap turns a stateless credential into a stateful one, and there is a whole family of transaction-ordering traps waiting on the other side. Those traps are the more interesting part. No comments yet. Log in to reply on the Fediverse. Comments will appear here.