Member Login Security

PAGE TYPE
ADMIN
Slug
member-login-security
Publish
Publish
global_site_name
Cloakist
cn_registrar_name
cn_registrar_url
cn_registrar_login_url
cn_guide_url
cn_redirect_url
platform_name
platform_page_type
platform_blurb
platform_example_url
platform_cloakist_url
platform_share_image
Canonical URL

Cloakist Membership Options

  • Password Protection: Site is protected with a single password
  • Email Sign Up: Require visitors to enter their email address for access to the site
  • Restricted Email List: Specify a list of email addresses that are allowed to access the site
  • Paid Membership: Members get access once they pay via a 3rd party integration (e.g. Gumroad)

How is security handled for Password Protected sites?

When a site is password protected, all pages pages that are accessible via the configured domain will require a password to be entered before it can be accessed.
The password is chosen by the owner of the site and a single password applies to all pages and all users of the site.
When a password is entered by a user, a cookie will be set in the browser that indicates that a correct password was entered.
The user will have access to the site for as long as the cookie exists in the browser and the cookie has not expired.
The duration of the cookie can be configured by the owner of the site.
 

How is security handled for Email Sign Up, Restricted Email Lists, and Paid Memberships?

When a site is configured to use Email Sign Up, Restricted Email List, or Paid Membership, a user (member) will be required to enter their email address when registering or logging in.
When a member enters and submits their email address a single-use link is generated with a login token using uuid v4.
The single-use link is sent to the member’s email address.
When the member clicks on the link, the login token and email address is validated. If the email address and the login token are valid, a cookie is placed in the browser cache indicating a successful log in.
The member will have access to the site for as long as the cookie exists in the browser and the cookie has not expired.
The duration of the cookie can be configured by the owner of the site.

Additional validations for Restricted Email List

In addition to the validations above, for Restricted Email Lists, the email address is also validated agains the predefined list of valid email addresses created by the owner of the site.

Additional validations for Paid Memberships

In addition ti the validations above, for Paid Memberships, the email address is added to the list of members, but will not get access to the site until confirmation of payment is received from a 3rd party integration (e.g. Gumroad)