How to enforce logging in every session?

I want users to log in every time they use my app. How do I go about enforcing that?

Why would you want to do that? Logged in just means authenticated. If the user can be automatically authenticated, that’s great. Let them stay authenticated.

Are you seeking to detect user presence? There’s actually what seems like a good solution in the free plugin discussed here:

But, if not, don’t even worry about this.

Example: Let’s say only a Thing’s owner can modify it. Sure, you need to make sure of that and have your pages do stuff like bounce not-logged-in users somewhere safe. And further, you need to have the correct Privacy role settings on various fields so that fields that cannot be modified by just anybody are not modified by just anybody…

But all of that works automagically with login and authentication as built into Bubble. There’s no need to do anything extra.

If you explain your rationale for this more, we can provide tips on how to accomplish what you seek to accomplish.

But this is one of those “cart before the horse” type of question posts, on the face of it. You say, “I need to do x.” But there’s literally no reason to do x. So your actual question is about something else…

What is it you are trying to do?

There might be some secure information on the account, and don’t want someone to go on it. Would prefer to protect it.

Hey,
You just can a user to re-enter his password. There is an action for this in the workflow’s account section.

Well, again, if the web session is authenticated, it’s authenticated.

Now, there is always the possibility of a user using a public web terminal and not closing the session, right? Is that what you’re trying to avoid? (But do we need to design for this anymore?)

Anyway, if you want to “force the user to log in” (again, this simply isn’t necessary for any app that you should be building on Bubble), what you are really asking is:

“Is there a way to force the user to log out?”

You can only ensure that a user “has to log in” by ensuring that they are logged out.

So, you have to build some logic and make some assumptions about user activity and if it is reasonable to assume that the user has been “inactive” for long enough that it is safe to assume they are done doing whatever it is they do in your app that you can execute a “log the user out” action.

(Because of course the default behavior for users is NEVER to log out, unless they are accessing someone else’s or some public device.)

Again, I’ll point you to the Efactive plug in I mention above as one thing it can do is track “idle time” as well as whether the tab/browser in which your app is running is hidden.

You could use either or both of those states to force a logout action.

GREAT BIG CAVEAT: From your other thread, I see you’re interested in sending encrypted email. Of course, this is not a simple thing and certainly not a thing you can do in vanilla Bubble. This is a big topic.

Anyway, you’re not trying to build something that needs to be HIPAA or PCI compliant, are you? (Or comply with some other rigorous PII protection regime?) If so, you’re likely barking up the wrong tree in using Bubble.

If you’re NOT trying to so such things, just go learn about how you set up privacy rules and make pages that can only be accessed when logged in, etc. It’s not clear from your posts that you understand how that works yet.

But don’t get wrapped around the axle about forcing users to log in or force-logging them out. It’s just bad design.

Perhaps I should do one of my long talky videos about the basics of how one does all of these things in Bubble. It’s basic to every app but I haven’t really seen the canonical tutorial about this topic.

2 Likes

This topic was automatically closed after 70 days. New replies are no longer allowed.