dwightwatson/autologin

Using autologin only for a subset of routes?

Closed this issue · 1 comment

I have security concerns about using this for the whole application.

Say someone accidentally forwards an email with this link. Another person can log in and change everything. So I want to use autologin only for a subset of links.

Is this provided here out of the box or do I have to write it myself?

E.g., say: to write a comment reply, you don't need to log in correctly. To change the monthly membership of the user, you need to log in properly.

You would need to write this in your own app, probably by overriding the internal Autologin controller and implementing your own logic for which URLs are acceptable to autologin and which are not. Otherwise you could override the logic that actually creates the autologin record and only allow it to be created with certain paths. It's something we could look at implementing down the road, but unlikely at the moment.
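The second option in the reply above, refusing to create an autologin record for anything but an allowlisted path, is sketched here as an added example. It is not code from the dwightwatson/autologin package, and it assumes the package exposes a generator with a `to($user, $path)` method on `Watson\Autologin\Autologin`, which is wrapped rather than modified; the prefixes, the `auth.via_autologin` session key, and the named `login` route are placeholders for your own application. The middleware covers the caveat the path check alone does not: the session a link creates is a normal login, so the recipient could still navigate by hand to the membership page unless sensitive routes require a password login.

```php
<?php

namespace App\Autologin;

use Closure;
use Illuminate\Contracts\Auth\Authenticatable;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;

// Decides which redirect targets an autologin link may carry. Anything not
// listed here is never issued as a one-click link.
final class AutologinPathPolicy
{
    /** Example path prefixes reachable via autologin (placeholder values). */
    private const ALLOWED_PREFIXES = ['/comments', '/notifications'];

    public static function isAllowed(string $target): bool
    {
        // Accept a relative path or a full URL; only the path component matters.
        $path = parse_url($target, PHP_URL_PATH);
        if (!is_string($path)) {
            return false; // unparsable input is never allowed
        }
        $path = self::normalize($path);

        foreach (self::ALLOWED_PREFIXES as $prefix) {
            // Match '/comments' or '/comments/...', but not '/commentsadmin'.
            if ($path === $prefix || str_starts_with($path, $prefix . '/')) {
                return true;
            }
        }
        return false;
    }

    // Collapse '.' and '..' segments so '/comments/../membership/cancel'
    // is compared as '/membership/cancel', not as something under /comments.
    private static function normalize(string $path): string
    {
        $out = [];
        foreach (explode('/', $path) as $segment) {
            if ($segment === '' || $segment === '.') {
                continue;
            }
            if ($segment === '..') {
                array_pop($out);
                continue;
            }
            $out[] = $segment;
        }
        return '/' . implode('/', $out);
    }
}

// Wraps the package's link generator (assumed to be Watson\Autologin\Autologin
// with a to($user, $path) method) so a record is only created for an allowed path.
final class RestrictedAutologin
{
    public function __construct(private \Watson\Autologin\Autologin $autologin)
    {
    }

    public function to(Authenticatable $user, string $path): string
    {
        if (!AutologinPathPolicy::isAllowed($path)) {
            throw new \InvalidArgumentException("No autologin link is issued for {$path}");
        }
        return $this->autologin->to($user, $path);
    }
}

// Second layer: the login a link performs is a full session, so the recipient
// could still browse to the membership page by hand. Set the assumed session
// key 'auth.via_autologin' in your overridden autologin controller right after
// it logs the user in, then attach this middleware to routes that must only be
// reached after a password login, e.g.
//   Route::post('/membership', ...)->middleware(RequireFullLogin::class);
final class RequireFullLogin
{
    public function handle(Request $request, Closure $next)
    {
        if ($request->session()->get('auth.via_autologin', false)) {
            // End the link-based session and send the user through the real
            // login form; redirect()->guest() remembers the intended URL.
            Auth::logout();
            $request->session()->forget('auth.via_autologin');
            return redirect()->guest(route('login')); // assumes a named 'login' route
        }
        return $next($request);
    }
}
```

With this in place, `RestrictedAutologin::to($user, '/comments/42/reply')` produces a link, while `to($user, '/membership/cancel')` and `to($user, '/comments/../membership/cancel')` both throw, so the second option in the reply above is enforced at creation time; the middleware is what actually keeps a forwarded link's session away from the membership routes.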