This is in line with all the security topics that have been opened recently.
I’ve been trying to figure out what is the best model for Security Redirections. However I see that even using the same security model in two different pages the behaviour is erratic.
If I go to page A and not logged in I am automatically redirected to index as expected.
If I go to page B and not logged in I am automatically redirected to index after the content is loaded in page B.
This makes me believe that the redirection workflow kicks in under different conditions probably because page A and B have different behaviours and different workflows(other than the security ones that are the same). Maybe also parallel execution of them as you mentioned in another post has something to do.
I’ve tried several scenarios:
a) Security workflows copied in both pages
b) Security workflows added to a RE and then added to both pages
c) Security workflows added to RE and then added to another RE(Header)
Every single one gives a different behaviour
What is the best practice here?
How can I make sure that the first thing that kicks in the page are the security workflows?
Maybe an option to mark certain workflows as High Priority? so they are evaluated before anything else and no other workflows run before these ones end?
I’ve been using a blank “redirect” page to handle all the logic. It hasn’t really slowed down the experience much, if at all, but it helps with the 95% use case of navigating from page to page. What it doesn’t help, though, is someone typing the destination URL explicitly. For that, I put conditions on the groups so they only show when the user’s role is correct.
Happy to look at an unpredictable situation if you can recreate one. One thing to note (and we’ll update the reference), is that currently, redirections happen on the server when only one change page action is in the workflow. So if you do:
when page is loaded and current user’s type isn’t admin -> go to index.
I haven’t managed to reproduce the unpredictable situation yet, but I will continue trying. It didn’t happen in all the cases therefore the unpredictability. Could uncleared sessions have something to do?
However, moving forward.
What is the best approach to make sure the redirect is the first thing that happens and that the page is not shown under any circumstance. Just related to workflows.
Do the number of redirects workflows affect? i.e I have 2 “When Page is loaded” workflows with conditions that control login status and correct role. How are they processed?
Do the number of actions in the workflow affect? i.e I have 1 “When Page is loaded” workflow with several redirect actions depending on the action condition.
Can I add it to a Reusable Element and then to the page and expect the same behavior? Per my findings no. This is the erratic behaviour I found that I’m not able to reproduce now.
Is it important where the Reusable element is placed? Per my findings yes. If I add the RE workflows into another RE(like a header) it delays everything and the page loads.
Given that workflows are fundamental for Bubble what do you think about a thread like Josh opened for performance for workflows? Understanding what kicks in the workflows, what the priorities are and which are executed in series and which in parallel would be interesting. Big investment of time in the short term for you but if it leads to a good conversation doc it will avoid repeating the same things to us
Well if you cannot reproduce so far, that means it’s not unpredictable, which is good news. Let us know if you can though.
So as I was saying, it should be a workflow with a change page action, and a condition on the current user or on the page thing. Conditions that use searches are not enforced yet as they are slower to run.
The number of workflows does not matter, but if you have more than one workflow that do different things, the order isn’t guaranteed (it never is in terms of workflow sequence in Bubble), so you’ll have unpredictable results. So you should have clear, non ambiguous conditions. Otherwise the first one that is evaluated as a redirection will win.
It should work similarly in pages and reusable elements.
