Basic Question about Xojo Web


I have a quick question about how log in security works with Xojo Web. For example:

Say that I have two pages:

  • The Start Page (where login is required)
  • The Main Page (that only displays after the user has successfully logged in)

What keeps someone from simply directing their browser to the Main Page URL link, bypassing the Start Page completely, where the login is required? Does Xojo Web naturally protect against this type of occurrence, or do we need to manually create a session ID, check for the existence of this ID, verify, etc?

(If you can’t tell, I am used to working with the traditional HTML / PHP setup, so this (Xojo Web) is a bit of a new environmental playground for me.) :wink:

Thank you!

Xojo web is what’s known as a single page app. Users use a single url to access the app and new page information is sent to the browser as needed. So unless you specifically allow a user to bypass your login page, there’s no way to do it.

1 Like

Awesome! That is wonderful to hear… :slight_smile: :+1:

Thank you!