â–Ľ
Streaming live at 10am (PST)

Can I make different password protected pages recognize first log-in?

Is there any way to make different pages in Webflow recognize the same password. For instance, you cant place a password protected collection into a folder - so these will always have to be protected separately.

For example: I have a client that needs a dashboard page for a CMS collection.

Process

  1. Staff clicks on projects review page (protected) and enters password
  2. Page contains a gallery view of project folders with identifiers
  3. Staff clicks on folder assigned to them and is taken to that CMS collection item (also protected to avoid access via direct link)

However, this requires the staff member to enter the password on both the dashboard page and the collection pages.

For what is worth, I have looked through so many posts in these forums and tested about 20 applications for this project (airtable, larksuite, memberstack and more) including using firebase authentication only to discover how easily it was to bypass the authentication process. I just haven’t found a solution that doesn’t create security issues.

And as many of you have probably have experienced with your own clients, they don’t want an expensive subscription or have to learn/use a separate system. They really want everything in their Webflow site.

I know membership functions are coming soon and that should make this possible but I was hoping there was a script, work around, or something obvious I am missing (wouldn’t be the first time) that wouldn’t force staff to enter the same password again until we get membership functions.

Any advice would be greatly appreciated. My brain is mush at this point.


Here is my site Read-Only: LINK
(how to share your site Read-Only link)

Hi @ArctypeCD this is very verbose request with many open questions about logic. For example It looks that your client is requesting to have user access only to certain folders. Who will create these folders? Are they global folders created by client or folders created by user? What folder informations will be hold within identifiers. Who and how will determine what folders the user will be allowed to get access to?

As you see there is many questions as API model is not described in detail.

Can you explain the way how to bypass protected Routes based on user ID? As IF this is possible you should report to these companies where you have discover their API security breach.

You can write your own API if these do not work for you.

m2c :wink:

1 Like

Hey @Stan Thank you so much for replying. And, sorry for failing to be clear in my explanations.

Re: the authentication bypass. The solutions I was using placed JS in the footer code of the Webflow website. From what I learned you can inspect the code and alter it in the browser to bypass authentication. Its not the companies that are at fault but the process of using the footer code to integrate 3rd party solutions. As I mentioned I am new to JS so I imagine there is a much better way of doing it. Here is a post in memberstack for ref that explains it better than I did: Memberstack Security Issue

Re: Client request. Its very simple actually. Forget anything I said before

I have single CMS collection that needs to be viewed.

I will have a page that displays a list of projects in the collection (basically a dashboard/landing page for staff) that link to the full project collection item page. Much like how a blog has a preview card on a home page that you then click to read the full article on another page (aka template page) I need both of these password protected.

I would just be using Webflow’s native page password protection at this point since they are fine having a universal password for staff.

The problem is Webflow page protection doesn’t recognize a global password - they are page or folder specific. While I can group all private staff only pages together in a folder (there will be more that don’t use cms) the collection template pages are separate from the page nav menu in Webflow and cant be grouped in a folder with other pages. When I password protect the actual collection - even if it is the same password - Webflow forces the password entry again when staff go from dashboard page (or any other password protected page) to collection template pages (aka all the separate projects)

It may seem trivial but its annoyance for most users. I was just wondering if there was a way to make the collection template pages recognize the password they used when they logged into any of the pages in the Webflow folder (would be the same password).

Gosh I hope that’s clear.

No. This basic authentication is controlled by Webflow’s implementation. Note: You can set a password for all pages in a collection. See => Project and page passwords | Webflow University.

1 Like

Thanks for the reply @webdev . Yeah, I do have a password set for all the pages in a collection.

Really what they are trying to do is create a psuedo-intranet for employees using a bunch of private pages and the CMS. Its definitely not an optimal solution. They were fine with having a single password but not having to re-enter it for different pages (which I understand).

Its a very small non-profit group (10 - 15) that doesn’t have the funds for a separate application. I really think they should just use Google Drive considering how little business they do. Their workflow is pretty simple too - Just reviewing files and voting for approval - but they told me staff doesn’t want to use an email account to communicate and review files:laughing: :man_shrugging:

  • nor do they want to learn a new system like airtable, larksuite, etc.

They got a lot of wants, wont’s, and no money. Tough place to be. But I thought I would see what I can do cause its a great group for Veterans. Just kind of lost at this point. I was hoping there was a script I could use that would force Webflow to all protected pages to recognize the first password sign on.

Anyway, thank you guys for your thoughts. Might just have to go to Wordpress instead for this project.

Just make an app for them on Glide or Adalo. Easier and I think they have apps. While I can understand their wishes, still it sounds like they just “demand” these various features while they don’t have enough budget. Helping NGOs is cool though being a demanding person is not. IMHO.

Also, what’s the problem in using Notion? They can get a team account and, well, they will have all the features they need in one package :thinking:

UPD: security issues is an important factor to consider, however one should understand that many no-code solutions have issues with it. Actually, many other tools have security issues. Though, not many clients really need military grade security. I doubt it is that easy to bypass Firebase authentication or even Webflow’s one.

2 Likes

Hey @GeorgyDesign Thank you very much for the Glide suggestion. I just took a quick look at it and it does look like that would work great. Really simply layout and easy to set up. Believe it or not we did look at Notion and they thought it was too complicated. lol. I think Glide is a much better fit for them. We can keep their Webflow site just for the public and staff can use Glide.

You just saved me more hours of searching and anxiety! Thank you so much.

PS - I never realized that about the security issues. I don’t really have a great understanding of security and protocols so I get nervous when I hear something can be hacked. But I guess anything can if you know enough! Been watching too many Jim Browning videos on Youtube :laughing:

1 Like

I’m glad I’ve helped you! Glide is a really simple till yet quite powerful and, actually, if a great choice for many non-complicated projects.

I’m surprised that they though Notion was complicated, because the learning curve is not that steep.

As for the security issues: I do think that caring about such stuff is way better than not caring at all so you are doing a good job. Honestly, not many people even think about the security of their no-code app which obviously sucks.

Personally, I think Webflow has a great security but there are some stuff that is, let’s say, hackable — I faced only one issue and that is possiblity to create additional form inputs on a published Webflow website. I won’t tell how to do it but people who knows a bit how to code can do it quite easily. I do not think it is scary by why means but it can f-up the automation if you have one (Webflow to Notion for example) or just create additional columns in the Forms tab in the Project Settings of your Webflow website. You can find a screenshot of it in my topics (I create a post about this issue before).

As far as I know, it is not a Wenbfow issue and to solve it, you will need to host website elsewhere rather than Webflow. I might be wrong about it and there is a solution for this issue.