I can see a logged-in user's account just by having their URL?

I have a webapp that has different user accounts.

I just logged into a test account, decided to take the URL and paste it into an unauthenticated browser, and it somehow had access to that logged-in account. Not full access, but like a weird in-between signed in/out state.

This is alarming and I’m certain that I must be doing something incorrectly. How are you all configuring your apps so that this doesn’t happen? Is there some way that I can throw up a sign up/in screen if someone gains access to another user's link to prevent them from getting in or causing confusion?

Thanks!

-Steffan

Hi @steffanhowey,

There are 2 things which could be done to minimise this:

  • redirect unauthenticated users to welcome screen with on-screen-enter actions (conditional if Logged-In user → Email is equal to Empty)
  • hide screen content based on the same logic - make a group from all screen elements, and make it conditionally visible.
    This was mentioned here: Adalo tutorials: admin and user access to different screens - YouTube

This should protect against displaying the content for non-authenticated users.

Best regards, Victor.
