better implementations of email activation links

i've been seeing a lot of activation links sent via email and I implemented one but just isn't satisfied with it (the long activation links from other sites kinda looks cool but I can't see the point of it being so long). Here's how my activation link looks like

site/controller/method/4/MJKL

the 3rd segment is the user id and the the 4th one is a randomly genera开发者_高级运维ted token during registration...

i often see this implemented with url strings but what's the difference when using url strings and using url segments?

will it help if I pass any more information other than the user id and the token?

They might have a longer token in there to reduce the chances of an attacker guessing it correctly.

Don't bother passing any more information than you need. And don't be jealous just because the other URL is longer. Size doesn't matter, or so they tell me ;)

Is it the length you're concerned with, or the look of the URL?

I'm guessing you're using Zend Framework or something similar, that's why it shows "segments" as opposed to a parameter string.

Have you thought about using something like tinyURL? The Tiny API with PHP is super easy.

Edit: Another option if you are building html emails, is simply keeping the anchor text short

<a href="http://www.site.com/controller/method/4/MJKL">Click here to activate</a>

I'm still assuming you want to make the URL shorter. If you want to make it longer, you could always append a session ID, a random hash or some other relatively useless information on the end of it that's ignored later.

If you're using an MVC setup, then it generally makes more sense to use the segmented (and also more SEO-friendly) URL: styles. However, this is no different than passing a query string, because the server (most likely Apache) is taking the input URL segments and passing them as a query string to the script anyway.

As for the long ID, that's not necessary. Either you can generate a custom, shorter ID tag, or use something like uniqid() to generate a shorter GUID for the user to activate with.