User accounts unable to login

Anyone else having issues with user accounts (memberships) logging in?

The login POST request from our webflow site times out and products a 406 response.
Also down is the log-out functionality and fetching data on the user account page.

Working fine on my sites.
I can’t remember the failure code however you may have tripped a security feature.
If you do multiple logins in a narrow timeframe from a single IP, for example, you’ll get locked out for 3 hours.

I ran into this a lot while building the SA5 user info toolset.

2 Likes

Thanks, that seems to be it. Appears to be working when on VPN, so looks like my IP was blocked which impacted all devices.

I was doing lots of logging-in/logging-out when i got blocked so guess that tripped it.

1 Like

I can’t do sh*t right now … Nothing works anymore. I did the same, extensive log in/log out, creating user account, delete them, etc. I work with the “webflow logic” thats why I need this to test it. Not only its fuuuuu**in slow, now I’m blocked and can’t work. I hope you are right and it will be available in 3 hours again. Wow Webflow, such a pain sometimes …

Just wanted to leave that here, that other users can relate …

Another amazingly stupid webflow desition… We’re blocked for (let’s hope) 3 hours of our work… Nicely done, Webflow, nicely done! Amazing how this software is going down rapidly because of really, really bad management desitions and not even care about us, the users who are working with this platform like forever…

It’s annoying but it’s also not dumb. Without delay & lockout security features any login feature is vulnerable to dictionary / algorithmic attacks. I’m pretty sure no one wants an “anyone with the right software can log in and raid my content / passwords” situation.

I’m trying to remember how I overcame it while building SA5’s user modules- try a different email address for your login tests.

You can also contact support and ask nicely. If you have a good reason, they may be able to still whitelist specific emails to bypass the lockout safety feature.

Of course it is dumb. It’s not a failed login attemts so they blacklist my IP (or whatever they’re doing) which will be understandable but a successful login/logout actions that clearly aren’t security breach and shouldn’t be considered as such. I’ve tried with alternative e-mail, clearly doesn’t work since the ban/block has been made by IP (probably). Thanks God, as you mentioned previously, 3 hours later the ban was canceled and I was able to proceed with my work and tests, with more caution.

Anyway my biggest concern about this “feature” is that just like many others, they aren’t written in any documentation so we can read and be aware of before we start doing what we’re doing! Just like tons of other limitations and obstacles that you don’t know before experience those by yourself (f.ex. e-commerce doesn’t have an option for Cash On Delivery which is a huge problem for me, but I’ve understand it after I paid 1 year of subscription - like nearly $400, the Users are practically useless with no simple user-data integration to use in your website, the Flow is OK but for simple (I mean very simple) tasks, no CSS nesting at all, etc, etc.).

But… it’s yet another webflow thing in my list of “didn’t-know-before-I-experienced-it” things to be aware of.