[SOLVED] 'Send confirmation email' action requires user to be logged in

When a user signs up I want them to confirm their email before using the site. By default, Bubble immediately logs the user in when they sign up. I don’t want them immediately logged in, so I’m logging them out after sign up.

If they were to try to login and haven’t confirmed their email, then they’re redirected to an account activation page informing them to activate their account by clicking on the link in the email.

In case they deleted the confirmation/activation email, I want to include a button to send a new confirmation email.

This is where I’ve run into an issue, Bubble is saying the user needs to be logged in, in order to resend the confirmation email.

1 Like

@emmanuel, any thoughts on this?

It’s a bit safer to do this that way (to be logged in to send this email). Prevents from people sending such emails to different users, marking them as non confirmed, etc. Can’t you change your flow instead? It’s more standard that way.

1 Like

The only way the user gets to the “Activation” page is when they’ve just signed up, or correctly login, but haven’t confirmed their email.

A hacker would have to guess the Unique Identifier to even get to the activation/confirmation page. While not impossible, I think it’s highly unlikely. Even if they did, it’s only sending an additional email to the registered email, which cannot be changed, for verification.

In addition, I’ve built logic into my “Activation” page to redirect that Unique ID to the home page once it’s been activated the first time.

Otherwise I think I would have to build logic into every page of my app to deny/redirect the user, versus hooking it into the login workflow.

I feel like you could have the button to resend the confirmation email to the page that the user is redirected to, and prevent him to go somewhere else if he hasn’t confirmed. Again, that’s how most sites (if not all) do.

1 Like

@emmanuel, OK, I’m trying to rework it so the user performs the actions while logged in. So my current issue is with the workflow that evaluates if the email is confirmed. I have confirmed the email, but the highlighted workflow below is still getting evaluated as if it’s not confirmed. Could you add the “Email Confirmed” field to the database view so I can see if the value is set to “yes”?

No we can’t do this, but you can build your own admin page with a rep group. super fast!

1 Like

Thanks Emmanuel, that was easy! :slight_smile: And I realized that my event would never work. I moved the “when Current User’s email confirmed” into a custom event that gets evaluated after the “Log the user in” action.


I have read this like 5 times and it still doesn’t make sense to me. Why would a user have to be “logged in” to receive a confirmation email? The whole point of a confirmation email is to confirm the email BEFORE they are logged in.

I’m totally lost and can’t make sense of why this concept in bubble is so confusing. Bots would be signing in all day without confirming an email. I have spent 6+ hours just try to get the user to confirm their email.

Please help!!


Can you explain this further? I don’t understand what you mean. Thank you!

HI @Kfawcett could you give more detail explanation about that custom event? Thanks

Sorry, but i have to disagree. That is not a common way. The user should definitive confirm his email BEFORE he can login.

I completely agree, the discussion doesn’t make much sense. Why would you require to login in order to confirm that you are allowed to login. catch 22 anyone.

My solution to this hole mess is (maybe that’s what they meant somehow?) that I create a workflow which 1. log the user in. 2. send the activation code again in the workflow. and 3. log them out directly. I’m sure it’s possible to kind of stop this process as it is client side. Maybe doing it as a backend workflow would make this even safer. But it Does work.

Dear all
I see that the issue is solved, but I also understand nothing.
I search on the Internet a way to authorise user to log in only if email is confirmed. I found nothing.

Hi - we’ve just shipped a feature that allows you to confirm users’ emails without having to send them an email! Learn more here: Retrieve email confirmation token without sending email

This does not solve the issue this post is talking about - we’re trying to resend a verification email to a user if they are logged out (for example, if they can’t find the email)

Any updates on this topic?
Same situation here…
Also the confirmation_email ID does not match User ID and Email Confirmed property does not show “YES”.
I really dont know what to do.

1 Like

Well, as many as you, I was having the same issue and found the way to work around it…

Step 1. Sign-up button goes to a workflow (Backend in my case both works for both)
Step 2. Signup workflow
Step 3: Trigger backend workflow


  • 1: Create an account for someone else
  • 2: Assign a temp password to a user (Pointing to user that you’ve just created)
  • 3: Log the user in (User step 1, password of step 2, stay logged:yes)
  • 4: Send confirmation email (“Just make token” in my case as I wanted so send a more personalized email)
  • 5: Send email (Including confimation link generated on step 4)

This is completely back to front.
The whole singnup/login needs to be thought out properly and redone.

  1. I dont want users automatically logged in. I want the user to first confirm their email - Emmanuel is completely wrong on this.
    I am now spending more hours trying to get this working the way it should.

  2. In the thread http://forum.bubble.io/t/retrieve-email-confirmation-token-without-sending-email/249367 there is a lack of instructions on how to do it - for instance when we are creating demos for users etc or signing them up (not them signing up) - its taken 2 days to get just that working.

Sort it out bubble - this is the basics and its security.
This is functionality that should be working right out of the box.

It makes sense now why so many things are incorrect or poorly designed or missing given the above ‘logic’.