Reactive Web and Authentication

Hello Everyone,

I hope everyone is doing well. Okay I have 2 questions...

1.I have a customer facing site and I created a Reactive web page that will create a new user to the user entity by user the Create user and also used the grant role - custom one I create. When I sign in with this newly created user, would I need to save their user name to the username client variable in the Reactive application  in order to hold a session while logged into my sight? I am having issues when it comes to the customer accessing the website event though they have access to this role. I am sure since I am doing the users creation programmatically,  I am missing something important. 

2. I saved the password as a variable to the database but looks like it was saved as clear text in the background. Would I have use some type of function to save the password as a hash?


Hi Otis,

1a. Rule number one for all client facing websites. Never ever store confidential data within the browser. And if you need to do this make sure you encrypt it if possible (there are forge components to help you with this). 

1b. You don't need to store the password locally. When your users logs in a cookies is placed that contains the sessions information. This cookie will be used again when the customer returns to the site and logs him back in.

1c. Perhaps you can take a couple of screenshots to show us the problem? That would clear things up

2. You first need to encrypt the password. To do this use the EncryptPassword action from the Users component. The encrypted password returned needs to be saved to the user record.



Rank: #809

Hey Vincent or Whomever,

1a. When it comes it comes to the customer input of sensitive information. I already have a table that will hold the customer information i.e. SS#, phone number, Address... on my reactive web page, I will add the form widget to the page and aggregate of the tables on this page. I will then drag\drop the corresponding attributes to this form and this will server as the input variables that will hold this sensitive information. Once the customer is finished, I will validate the information provided and then use a server action to save this information directly to the database. I believe this would be the best approach when gathering this information. Thoughts?

1b. I noticed that there is a action called user_login (server action)  that is on the platform. I will use this action to log the customer in by passing in the username and password. I believe this is the action that will automatically log the customer into the reactive web page and create the associated cookie that you described before logging out. I believe at this point, anytime I navigate to a page, since the customer is technically logged in, I would need to implement logic to validate if user belongs to the pages role correct? Or is this already done implicitly since they are logged in. 

Additionally, is there anyway that I can look under the hood of this server action? For example, if I want to change the temporary logout from 60 minutes to 15 minutes OR if I want to NOT log user locked out but render to a custom page that would contain a password retrieval option where I can generate a pincode  and send it to their email address for further validation?


1bb. I am creating the user id implicitly and it seems to be working as expected. I am unable to log into the site but believe this is just because the password I am passing in to save is plain text and should be hashed. I would need to search the platform to see if I see any server actions that can handle this conversion. . 

1c. I hope the descriptions above are enough to clarify thing but please let me know if you need more. 

2. I just got this!!! LOL you just answered my question label 1bb. I will look for this EncryptPassword action, I am sure that should resolve my issue concerning the password not working due to being in clear text.

Thanks in advance for assisting with the other questions.