Weird question but interesting.
I have data fields that are private and some is public, I noticed that if i am is not logged in and avoided cookies… I can see and access the private fields.
If i accept opt cookies whether logged in or not, everything works perfect.
How this could happen? from logic it seems that if some one is not accepted cookies, he will be like ghost without boots.
It doesn’t make sense 
Could you share more details about you setup, workflows and database privacy rules?
It does not make sense to me either.
I have a data field of user called following, if creator ID is in following simply “SHOW CONTENT”, If cookies is not accepted > the content exposed ;/
Do you have ‘ignore empty constraints’ ticked on the search? If so perhaps the expression is not working correctly as if the user is not logged in, part of it will be missed as the search is null and will be skipped.
Constraints is ignored, the way you think is like mine… the expression is not working right or because its overall search(CONTENT REPEATING GROUP)
But what is strange that if cookies is accepted, the expression and everything works totally fine.
I am missing something for sure, and it’s confusing because it shows that the work of cookies is to hide or show boots.
Even if you are not logged in to a bubble app, you have a User ID via cookies as a not logged in user. If you don’t accept cookies then I guess your UID is null.
So if UID is not submitted or bubble cant figure out if not logged in or yes, what do you suggest?
I’m not 100% on the exact ins and outs but I would suggest that the user doesn’t have access to that workflow by design without being logged in.
I cant do this, because it works as an open source for attraction
And by the way if the user logged in and cookies is not accepted, the same result happens
Well you have to deliberate between what is required to access your app and your users privacy. It is not unusual for a web app to have a notice that says that cookies are required to use this website if browsed in privacy mode. If your app breaks because of fundamental privacy vulnerability, it needs to be redesigned to work securely. You also need to set your privacy settings to make sure that records can not be accessed.
Great advice and directions, I will think about a solution and as you said to deliberate between user statuses, I though about this.
Simply to spawn more RG’s with a solid expression of SHOW PERMITTED CONTENT (if user cookies is not accepted)
I mentioned that accepting cookies help us to improve the experience.
No worries, I like a challenge! 
precious DNA 
