Find solution
Why can I access my website normally but some users can't?

How can I grant users access to a registered-only area of a website (temporarily) without asking them to register right away?

  • Tracking users with cookies comes to mind, also does setting a unique URI for each "not-yet-member", but I'd appreciate any examples or ideas. For what it's worth the users that are supposed to get access are being invited via email, and that's one thing the app knows about them.

  • Answer:

    What do you consider a "registered-only area"? Is this content submission that needs to track authorship? Storing preferences? Just showing a sample of content behind the gates? Could be that all you need is a general tour through the site before someone signs up. But, just in terms of technical details: I'll assume there's a link in the invite email with some sort of unique code used as a key to the invitation.  Tie that code to the browser with a cookie, allow it to be refreshed via another click on a link from the original email up until the point that it's used to actually register for the site. You could make the link single use, but that might be a headache if someone loses their cookie after clicking on the invite, thus basically wasting the invitation with an abandoned session. Of course, this opens up the possibility that the invitation could be shared, so you may need to balance consideration of user experience against policy enforcement. You could treat the invitation as a kind of temporary registration, albeit one created by the inviter rather than the invitee. Use that as a lightweight identity from which to hang anything you want to make personalized about their visit. You might also be able to generate a temporary user account with reduced privileges, depending on your web stack. Then, once someone decides to commit to a signup, you could use the temporary identity to pre-fill the real registration form. If you allowed the temporary user to create any content, you could then assign proper authorship to those items after the point of registration. Or, if they never signed up after clicking through the invitation, you could delete the content after a certain period. For example, once upon a time at Delicious, we'd considered allowing people to save bookmarks to try the service without registering. Those items would have been private and tied together only by a temporary session cookie. To save them permanently, you would've needed to create an account or log in to an existing one—or risk losing the items after a certain period of time or if you ever lost your session cookie.

Les Orchard at Quora Visit the source

Was this solution helpful to you?

Other answers

You can generate some kind of a single-use authentication token that is valid for a few hours or a day and attach it to the URL being shared. For example: http://yoursite.com/visitor-token=XXXXX (of course, not this verbose.) You can validate the token just like for an authenticated user, but the access expires automatically after the set time. Since it is a single-use token, the URL cannot be accessed by multiple people, if the original recipient shares the invitation email with others. With this approach you can also attach privileges to such users that determine what they can do on your website. So, if you allow them to take a tour of your service, they can do so within the given privileges, but without having to register.

Raghavendra Kidiyoor

Related Q & A:

Just Added Q & A:

Find solution

For every problem there is a solution! Proved by Solucija.

  • Got an issue and looking for advice?

  • Ask Solucija to search every corner of the Web for help.

  • Get workable solutions and helpful tips in a moment.

Just ask Solucija about an issue you face and immediately get a list of ready solutions, answers and tips from other Internet users. We always provide the most suitable and complete answer to your question at the top, along with a few good alternatives below.