Auto login on email verification & new account verification


I’m doing some research on new account verification best practices. One of the common ones I see is email verification. The question I have today is:

1 - Is it a good practice to log a user in when they click a link in the confirmation email that says ‘Confirm Your Account Now’?
Why not have them enter a password first? I’d think there would be some security issue here?

2 - Should the email have a time limit? If so why?

Are there any papers on this subject? I’ve seen examples but there doesn’t seem to be any talk on the whys of this type of new account verification.


Necesito Verificar mi cuenta