Attendee's Cancelation Process

[garthkoyle]

When allowing attendees to cancel their own registrations, you have to protect against unauthorized and accidental cancelations. Unauthorized cancelations can happen if the cancelation process does not include a verification step or is simple enough to be spoofed or vulnerable via brute force attacks. Accidental cancelations when attendees inadvertently, or purposefully, click links with unintended consequences.

The process (could) include:

• Create a new "Request Cancelation" shortcode that you can add to the Registration Approved confirmation emails.
• The "Request Cancelation" shortcode will input a special link for attendees to click and request a cancelation.
• After clicking the "Request Cancelation" link, the system would send the person a new "Confirm Cancelation" message.
• The "Confirm Cancelation" email template would have a verification link for people to click to cancel their registration. For security purposes, the link would expire after a short period of time (nonce, etc).
• When a registration cancelation is confirmed, the system would send the normal "Registration Canceled" email message.

Designing the process in this way will help protect against unauthorized and inadvertent cancelations.