I have a quick question about how log in security works with Xojo Web. For example:
Say that I have two pages:
- The Start Page (where login is required)
- The Main Page (that only displays after the user has successfully logged in)
What keeps someone from simply directing their browser to the Main Page URL link, bypassing the Start Page completely, where the login is required? Does Xojo Web naturally protect against this type of occurrence, or do we need to manually create a session ID, check for the existence of this ID, verify, etc?
(If you can’t tell, I am used to working with the traditional HTML / PHP setup, so this (Xojo Web) is a bit of a new environmental playground for me.)