I created a login system and it works fine. Once someone logs in, he is redirected to the profile page. The only problem I have is that even logged-out users can access the profile page without logging in by copy-pasting the link. I put logic in the profile page to redirect any user who isn’t logged in back to the index page. However, the profile page still loads for like a split second before it redirects the user to the index page, and the content is visible during that period. I made the content on the profile page hidden, but still, I am worried about the security. I want the profile page to not load at all for random people. Please help.
Hey @chathubiz77
Yeah, this can be a difficult one. With regard to the split-second load of the actual profile page before the redirection, ensure you have workflow events for ‘User is logged in’ and ‘User is logged out’ - in my experience, these tend to work a bit faster than ‘Page is loaded’ condition, then building on an expression. There will be times where you’ll have to add extra conditions, of course, or use the ‘Do when condition is true’ to listen in real time for dynamic events that occur on your app.
With that said, when you deploy, the page may get a tad faster to redirect in caching back and forth with the redirection. You can go a step further and have elements on the Profile page grouped and hidden on page load, then only show when ‘User is logged in’, for instance. This is an extra layer but makes development on the page a little more awkward in some regards.
But as for the actual content of the profile page, you’ll want to go ahead and set up some specific Privacy Roles so that content isn’t shown. This way, even if someone manages to stop the redirection and stay within the profile page, they have access to no sensitive data. This is available in the Data tab under Privacy. You can set up specific roles based on the condition/state of the user. It can take some time to adjust to this level of logic and may require some reassessing of structure in your data types and linked objects.
What I do in this case is to have a group or shape in front of the entire page that only is visible if current user is logged in or current user is current page’s user.