I have a form where a user submits their email, a record is inserted into the database, and the database id is added to the session. They are then redirected to a LiveView where the session is passed.
In case the user closes their browser or they want to find their page for any reason, I want to send an email and SMS containing a link. When they click the link they should end up back on their particular page.
So I need to generate a token for them.
Phoenix.Token
seems like it would work, but it generates a long string, which would work fine for sending in an email, but is too long for an SMS.
Is it secure enough to just generate a random token, save to the database, and include that in a URL? What length is considered “good enough”?
No personal information is available on the user’s page and the page is short lived.
I’m paranoid about security after reading so much! Thanks.