Log in log out

ryan_les · August 11, 2023, 7:35am

Hi Noobie low coder question without notice…
I have set security login and logout correctly so when the user logs out their security identity goes from a number to false so they are effectively logged out. But on testing they can still navigate back to pages and not be logged in or even append url with page name and be directed there even though logged out. Is this a localhost dev server thing and will it not happen in production or am i missing a step where they are effectively unauthorized to view pages until logged in,

,TIA

sitestreet · August 11, 2023, 9:52am

You need to click on ‘App’ in the App Structure panel, then click on ‘Security Provider Enforcer’ and this will then make the page redirect to your chosen page if the visitor isn’t logged in.

You also need to make sure you have used the Security Restrict action in all your API action scripts so that they can’t be run without logging in.

ryan_les · August 11, 2023, 10:40am

Thank for the reply. I’ve added the restriction server side but enforcer seems to be missing

sitestreet · August 11, 2023, 11:06am

Have you set up the Security Provider in the Globals section of the API (Server Connect)?

This should be a good reference, too:

Apple · August 12, 2023, 6:03am

For some reason, the process is different for NodeJS

kfawcett · August 12, 2023, 2:37pm

Just in case someone stumbles upon this and is building a mobile app.

Using a redirection on the server side will not work on mobile apps. I add the User Server Connect to every mobile page with a Unauthorized Dynamic Event. If it returns unauthorized, then I use a Browser component’s go to action.