How to implement a paywall with Memberstack that prevents cookie refresh exploits for a 20-second free preview?
Excuse my funny question, but why would I use Memberstack for a paywall instead of just adding my own code? One problem I can say with my way is that people can refresh the cookies and access the site again and again, but I am stuck between using Memberstack for the paywall or using my own code. Please help me out, guys. Duncan Hamra
This is my site: https://news.ecnus.com/. My concern is, whenever someone lands on it for the first time, they can only use it for 20 seconds. After that, a paywall will appear where they have to activate the free trial, and then they can use it for 14 days for free. After that they need to choose a plan and pay. If I use my own code to do this, my developer says anyone can refresh their cookies and keep getting over the paywall, or they can go into offline mode. So do you think it is the same with Memberstack?
Thanks
Comments
You will need to use custom code either way to gate content after x amount of seconds have passed. And your developer is right: if you add the security layer on the client (your browser), there could be a way to overcome it. It doesn't necessarily have to be easy to breach. Not all users know how to do it, though.
The only way to actually make sure that no one can access it is by hosting your content server side and blocking the content by IP. I think there's a way to do it using Cloudflare Workers (with a reverse proxy). Just keep in mind the pricing for your estimated users' bandwidth.
I see, thanks for your opinion, I will look into this. Do you think we can do both the time block and the data block with Memberstack? Thanks
You can do it client side, as you intended to do originally. But if you want to really prevent unauthorized access, you'll need to use a server and integrate it with the Memberstack REST or Node API to verify who's logged in.
How you handle your data basically is up to you. Memberstack only gives you user management, authentication access and simple authorization (gated content) client side. Complex solutions can be developed using your own logic, server and database, and later integrated with Memberstack API so both systems work smoothly.
Hey Raquel, I am currently configuring reverse proxy authentication. I have a Cloudflare Worker set up, and I am calling and logging Memberstack's REST API in the Cloudflare Worker. Though I am having such a hard time figuring out how to get the user's info to authenticate that the user connecting is a certain user.
Can you just put me in the direction to go to get the current user's info then authenticate them via the api? I see ways to do this via cookies though if I'm correct, Memberstack uses local data.
Hi Trevor, you have to authenticate your user via username and password. And with the JWT token it returns (that can be located in local storage or as a response of the login method) you can do requests to the Memberstack API on behalf of the authenticated user.
Ok, so if my goal is to gate pages using Cloudflare Workers as a reverse proxy and Memberstack's user data, are you aware of a way to get that local storage data from the browser into a Cloudflare Worker, so I can make an API request from the worker and grant access depending on the results?
I may have the process totally confused, this is my first time using Cloudflare Workers, but my overall goal is to very securely gate my Webflow pages using Memberstack's user and plan system and a reverse proxy.
Doing a reverse proxy is not an average user task. I would recommend you to seek help from a developer to set it up for you if you are not familiar with programming terminology.
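The server-side approach discussed in this thread, sketched as an added example (not code from any participant or from Memberstack): the 20-second preview is tracked per client IP on the server, so clearing cookies does not reset it. The names `PREVIEW_MS`, `decideAccess`, `respond` and `firstSeen` are hypothetical, and the Memberstack token check is assumed to happen server side before `isMember` is passed in.

```javascript
// Added example: server-side enforcement of a timed free preview.
// All names here are hypothetical, not part of any Memberstack API.
const PREVIEW_MS = 20 * 1000; // the 20-second preview from the question

// firstSeen: Map of client IP -> timestamp (ms) of the first request.
// It lives on the server, so clearing cookies or local storage in the
// browser does not reset it. In a Cloudflare Worker the IP would come from
// the CF-Connecting-IP request header, and the map would be a persistent store.
function decideAccess(ip, isMember, nowMs, firstSeen) {
  // isMember must be the result of a server-side check of the member's
  // token against Memberstack (not shown), never a flag sent by the browser.
  if (isMember) return "member";
  if (!firstSeen.has(ip)) {
    firstSeen.set(ip, nowMs);
  }
  const elapsed = nowMs - firstSeen.get(ip);
  // Caveat: visitors behind one NAT share an IP and so share one window.
  return elapsed < PREVIEW_MS ? "preview" : "paywall";
}

// The reverse proxy forwards the real page body only for "member" or
// "preview"; on "paywall" the protected content never leaves the server.
function respond(decision, pageBody) {
  if (decision === "paywall") {
    return { status: 402, body: "Start your free trial to keep reading." };
  }
  return { status: 200, body: pageBody };
}

// Constructed sample traffic (documentation IP range, made-up timestamps).
function demo() {
  const seen = new Map();
  const t0 = 1700000000000;
  return [
    decideAccess("203.0.113.7", false, t0, seen),          // first visit
    decideAccess("203.0.113.7", false, t0 + 19000, seen),  // inside the window
    decideAccess("203.0.113.7", false, t0 + 21000, seen),  // cookies cleared: no effect
    decideAccess("203.0.113.7", true, t0 + 21000, seen),   // verified member
    decideAccess("198.51.100.9", false, t0 + 21000, seen), // new visitor
  ];
}
```
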