tl;dr
When users double-click the verification link or button in the “verify your account” email, they receive a misleading error message - Your email address could not be verified. This needs to change to “Your email address has already been verified”
Background
We’ve had this issue reported a few times over the last few months, but just put it down to “one of those things”. Yesterday we had a new cohort of users sign up and 100% of them reported the “Your email address could not be verified” error. Reviewing the users in the dashboard showed their accounts had been verified. Looking in the logs showed no relevant errors.
I’ve run some tests and have found the following:
What is happening is that the users are double -clicking the link or button. When they do this, it kicks off the following chain of events:
- The first click opens a browser page, initiating a session which verifies the user’s email address
- The second click (which happens mere milliseconds after the first, and before focus is taken away from the email and to the browser page opened by the first click) starts a second session which fails because the email address has already been verified by the previous session
- This second session opens in the same browser page, so the user doesn’t see the success message
- The user thinks their email address hasn’t been verified
This is very poor user experience, out of our control, reflects negatively on us causing reputational damage. Some users are high touch and not all are willing and use this as an excuse not to engage with a product.