Password protected wall


I’m currently building a website where you have an account and can do "dangerous" things with it. I want to password-protect these things, so the user has to type their password if they want to continue. I couldn’t find any resources on this, so I came up with this idea.

My method works this way:

  1. User navigates to dangerous action
  2. The server redirects the user to the password prompt website
  3. The user types the password
  4. The server checks if the typed-in password matches the currently logged-in user
  5. If the check was successful, the server redirects the user to the action with a uniquely created token associated to the user as a GET parameter
  6. The dangerous action checks if the token matches the user
  7. If match, the server will continue as normal

My question: Is this secure?

I think this is secure because I will probably make the token like 511 chars long and brute-forcing it would be very unlikely, and I couldn’t find any other security holes in this.
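Steps 5 and 6 of the flow above, sketched server-side as an added example that is not part of the original post. The class name `StepUpTokens`, the in-memory store, the 5-minute lifetime, the single-use rule and the binding to one action are all assumptions the post does not state; they are included because a token carried in a GET parameter ends up in browser history and server logs.

```python
import secrets
import time

TOKEN_TTL_SECONDS = 300  # assumption: the post does not specify a lifetime


class StepUpTokens:
    """Hypothetical server-side store for step 5 (issue) and step 6 (check)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # token -> (user_id, action, expires_at)

    def issue(self, user_id, action):
        """Step 5: call only after the password check in step 4 succeeded."""
        # 32 random bytes (256 bits) from the OS CSPRNG, URL-safe encoded.
        token = secrets.token_urlsafe(32)
        expires_at = self._clock() + TOKEN_TTL_SECONDS
        self._pending[token] = (user_id, action, expires_at)
        return token

    def redeem(self, token, user_id, action):
        """Step 6: True only if the token is valid for this user and action."""
        # pop() removes the token on first use, so a URL copied from logs
        # or history cannot be replayed (single use is an assumption here).
        record = self._pending.pop(token, None)
        if record is None:
            return False
        owner, bound_action, expires_at = record
        if self._clock() > expires_at:
            return False
        # The token must belong to the logged-in user (step 6 in the post)
        # and to the action it was issued for (added assumption).
        return owner == user_id and bound_action == action


if __name__ == "__main__":
    store = StepUpTokens()
    t = store.issue("alice", "delete_account")   # constructed sample values
    print(store.redeem(t, "alice", "delete_account"))  # first use
    print(store.redeem(t, "alice", "delete_account"))  # replay attempt
```

The `user_id` passed to `redeem` must come from the server-side session, never from the request itself.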