While building my first app I noticed that if I want to redirect users away from pages because they are not logged in, Bubble first loads the page in the browser and only then the redirect happens.
So if non registered users have the direct URL to pages they are not supposed to see (lets call them “private” pages), they can simply go there and stop the browser before the redirect.
I read a little and I found 2 tricks that Bubblers suggested:
1. Hide the content on these “private” pages with an element and then un-hide it if the user is logged in.
In this case the content is still loaded in the browser, so using the browser dev tools, users still have access to the page.
2. In those “private” pages, each sensitive information, can be loaded with a condition. So even if the user get to the page, the stuff that they shouldn’t see will not be there.
In the case, I’m not sure if the content will be loaded in the browser or if the server holds it until the rule is met (which is more secure). But it requires a lot of work going through all the details on all the pages and creating conditions.
Both of these options feels too complicated and not very friendly, for a fairly basic functionality.
Anyone has another suggestion?