Automatic login after email address verification from email message

When users verify their email address successfully, could I just log them in automatically?

I consider the following reasons to do so:

  • The link is a random hash
  • Users will already be annoyed by having to validate
  • I will trust anybody who has access to the email inbox anyway, since you can reset your password
  • Users can of course only validate (and therefore autologin) once

I am asking because sending a link that logs you in automatically makes me feel like I am missing something.

Gipsy King asked Dec 14 '22 00:12


1 Answer

It is better if you at least ask them for their password for email verification. That way, you actually verify that the email address belongs to the user.

If you auto-login, you just verify that the email address exists and that the user this email address belongs to wants access to the account.

Regarding your third point: you hopefully only trust the person(s) with access to that address once you have verified that the address actually belongs to the user (which you could do by asking for the password during verification).

ancow answered May 15 '23 12:05
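
The check suggested in the answer, sketched as an added example that is not part of the original thread: the emailed link carries a random single-use token, and the address is marked verified only when the account password is supplied along with it. `Account`, `issue_token`, `verify_email`, `TOKEN_TTL` and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 24 * 3600      # assumed lifetime of a verification link, in seconds
PBKDF2_ROUNDS = 600_000    # assumed work factor for the password hash


def _pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class Account:
    def __init__(self, email: str, password: str):
        self.email = email
        self.salt = secrets.token_bytes(16)
        self.pw_hash = _pw_hash(password, self.salt)
        self.verified = False
        self.token_digest = None   # only a digest of the emailed token is stored
        self.token_expiry = 0.0


def issue_token(acct: Account, now=None) -> str:
    """Create the random value that is placed in the emailed link."""
    token = secrets.token_urlsafe(32)
    acct.token_digest = hashlib.sha256(token.encode()).digest()
    acct.token_expiry = (time.time() if now is None else now) + TOKEN_TTL
    return token


def verify_email(acct: Account, token: str, password: str, now=None) -> bool:
    """Mark the address verified only if the link token AND the password match."""
    now = time.time() if now is None else now
    if acct.token_digest is None or now > acct.token_expiry:
        return False               # no pending link, already used, or expired
    token_ok = hmac.compare_digest(
        hashlib.sha256(token.encode()).digest(), acct.token_digest)
    pw_ok = hmac.compare_digest(_pw_hash(password, acct.salt), acct.pw_hash)
    if not (token_ok and pw_ok):
        return False               # the link alone proves nothing about the user
    acct.verified = True
    acct.token_digest = None       # single use: the link is dead after success
    return True
```

Because the password is checked in the same step, a session created after `verify_email` returns `True` rests on the password rather than on possession of the link alone.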