Hello all! I’m trying to set up a page on my site where visitors can’t access it unless they’ve been ‘verified’ first; however, my users never log in. The way I have it set up now, visitors have to do a phone verification to navigate to a certain page on my site. However, technically, they could just go straight to that URL and bypass the verification. Is there some sort of ‘session token’ I could create, where a page can only be accessed if my Bubble app can find the token-- otherwise it’ll redirect them back to the phone verification? I hope I’ve been clear enough about what I’m trying to accomplish. Thank you in advance for any help you all can provide!
Sure! You could do this by setting a cookie
Create a “thing” called checkeR
After registration, set a cookie that indicates registered. Now create a new thing and , go on to the next screen but send page parameters containing the uniqueID from the result of step 1
Then on the next page, keep all groups hidden on page load and add the workflow action
On page load if do a search for checkR with a constraint of uniqueID= (Grab the parameter from the url you passed along) :count =1
— show groups
If not, redirect
Hey, thanks for the swift response! However, your reply challenged me to think about this a different way and I found a much more streamlined solution.
I created a new field under the User data type called “verified” with a yes/no pre set to ‘no’. When a user goes through the Twilio phone verification and is approved, I make a change to ‘Current User’ and switch the “verified” field for the Current User to ‘yes’. I then set the restricted page to only load if Current User “Verified” is 'yes". Otherwise it redirects them to the page with the phone verification. So now if anyone tries to access the page directly there’s no cookie to attach them to the User data type.