Session log — Vodalibrary: 6-digit code sign-in, and email moved off SendGrid

InternalView platform →
← All session logs

Session log — Vodalibrary: 6-digit code sign-in, and email moved off SendGrid

13 June 2026, evening · Vodalibrary · Hasmukh with Claude · auto-published from the local journal entry. A polished narrative version can be requested in any future Claude session.

Summary

  • Changed how people sign in to vodalibrary.online. Instead of clicking a link in an email, members now type a 6-digit code that we email them. This matches the experience on the doctors' site (medilearn.africa).
  • The whole sign-in journey is now: enter your email, receive a 6-digit code, type it in, and you are in. Sessions still last 30 days and the member list is unchanged.
  • Built the new sign-in on a safe copy of the site first, tested it thoroughly, and only switched the live site over once everything passed. The live site was untouched until the new sign-in was proven.
  • Confirmed who is on the list: Hasmukh as admin plus six viewers (two Mobilearn staff and four Vodacom managers). All seven kept exactly as they were.

Decisions

  • Do the sign-in code change first (this session). It needed nothing from Hasmukh.
  • Keep emails coming from the Vodavideos Library at vodalibrary.online, so members see no change in who the email is from.
  • A code expires in 15 minutes, so it cannot be pre-sent. When Hasmukh adds a new member, the site now emails them a plain welcome note telling them to go and request their own code (no code in that email).
  • Hasmukh's wider goal is to stop using the current email service (SendGrid) and send through the same service Kenn set up for the doctors' site. That is a separate piece of work, agreed for next time (see Follow-ups). The actual doctors' email tool cannot be installed into the library because the library is a different kind of website, but the same email service can be used so the result is identical.

Changes made

  • Replaced the emailed sign-in link with an emailed 6-digit code across the library's sign-in pages and behind-the-scenes logic.
  • Security carried across from the doctors' site: the code is 6 digits, only a scrambled version is ever stored (never the code itself), it works once, it expires after 15 minutes, it locks after 5 wrong tries, and a new code can only be sent after 60 seconds. The site still never reveals whether an email is on the list.
  • Updated the sign-in email wording from "click this link" to "here is your code", keeping Hasmukh's existing wording about the private archive and the Mobilearn contact. The wording is still editable on the admin Email settings page.
  • Old sign-in links now show a friendly "please use your code" message instead of breaking.
  • Full backup taken before any change (database export and copies of every file changed, kept on the server). The previous versions can be restored if ever needed.
  • Tested end to end: 21 logic checks, 13 web-flow checks on a safe copy, 10 email-content checks, and 9 checks on the live site itself, all passed. No member emails were sent during testing.

Update — Phase 2: library email moved off SendGrid (same session, evening)

Hasmukh asked to do Phase 2 straightaway. In a guided browser session (he signed in to his hosting, I drove the rest), we moved the library's outgoing email off SendGrid and onto the same email service the doctors' site uses (his domains.co.za hosting), at no extra cost.

Decisions (Phase 2)

  • No new package needed: his existing email package already allows up to five domains and only one was in use, so the library's mailbox was added to it for free.
  • Emails keep coming from the Vodavideos Library at vodalibrary.online, so members see no change.

Changes made (Phase 2)

  • Added vodalibrary.online to the existing email package and created a dedicated mailbox for the library on the hosting service.
  • Added the three small web-address settings that prove the library is allowed to send and keep mail out of junk (sender authorisation, signing key, and a mail route). All confirmed live.
  • Switched the library's behind-the-scenes email from SendGrid to the hosting mailbox. Kept the old setup as a backup so it is fully reversible.
  • Tested: a test email arrived in Hasmukh's inbox from the Vodavideos Library, and the live site successfully sent a real code through the new mailbox. No errors.

Follow-ups

  • Once the new email has run smoothly for a few days, the old SendGrid bits can be cleared away (a couple of leftover web-address entries and an unused key). Left in place for now as a safety net.
  • Optional: Hasmukh to do a real sign-in himself on vodalibrary.online to see the full new flow (a real code was sent to his inbox during testing).