Prefetching breaks “magic link” password-less login systems unless you take precautions

I love the Magic Link pattern for websites with drop-dead simple registration like my free daily journaling app called AhhLife.

I’m a big fan of magic link authentication. It’s that UX pattern in which in order to login to a web application you simply plug your email into a form, and the server mails you a one-time use URL that you click to login. It is similar in function to them getting an email with a one-time-use code in it, returning to your app, and entering the…