How about authorizing the user immediately and sending them an automatic welcome email with a coded URL requesting them to click on the link that flags the db that the email is valid?

If they don't do this in x days, the account automatically

This way, the user can stay logged on and still have their account deleted if the email isn't confirmed.

We may implement something like this soon.
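
A sketch of the flow suggested above, as an added example that is not part of the original post. It assumes an HMAC-SHA256 signed token as the "coded URL", a 7-day value for "x days", and an in-memory dict standing in for the db; all function and variable names are hypothetical.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)   # server-side signing key (constructed for this example)
GRACE_SECONDS = 7 * 86400          # the post's "x days"; 7 is an assumed value
users = {}                         # stand-in for the db: email -> {"created", "verified"}

def make_token(email, created):
    """Token binds the address to the signup time, so it cannot be reused for another account."""
    msg = f"{email}|{created}".encode()
    return f"{created}.{hmac.new(SECRET, msg, hashlib.sha256).hexdigest()}"

def register(email, now=None):
    """Authorize the user immediately; the returned token goes into the emailed link."""
    now = int(time.time()) if now is None else int(now)
    users[email] = {"created": now, "verified": False}
    return make_token(email, now)

def confirm(email, token, now=None):
    """Flag the address as valid only for an authentic, unexpired token."""
    now = int(time.time()) if now is None else int(now)
    user = users.get(email)
    if user is None:
        return False
    try:
        created = int(token.split(".", 1)[0])
    except ValueError:
        return False
    expected = make_token(email, created)
    # Constant-time comparison avoids leaking how much of the signature matched.
    if not hmac.compare_digest(expected.encode(), token.encode()):
        return False
    if created != user["created"] or now - created > GRACE_SECONDS:
        return False
    user["verified"] = True
    return True

def purge_unverified(now=None):
    """Scheduled job: delete accounts still unconfirmed after the grace period."""
    now = int(time.time()) if now is None else int(now)
    stale = [e for e, u in users.items()
             if not u["verified"] and now - u["created"] > GRACE_SECONDS]
    for email in stale:
        del users[email]
    return stale
```

Until `confirm` succeeds the address is unproven, so actions that depend on owning it (password reset, notifications to that address) should stay gated on the `verified` flag even though the session is live.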