Hello. I’m using Netlify identity to gate content on a Nextjs site using the implementation found here. The implementation works fine except users are not prevented from accessing the gated content after their tokens have expired so long as they do not log out.
I expect that an expired token would log the user out. Is this not the case?
I’ve some theories on why this could cause issues, but would like to check first. Do you have a specific page that should be protected by auth? Hopefully, could you also give us some test credentials? You can DM those to me.
Hey, I went ahead and sent you the creds. I tried to gate the page based on the user’s JWT expiry not being exceeded, but that doesn’t seem to work either.
While I was debugging this, I noticed that you had a bigger problem. All of your “gated” data, is easily accessible to someone with or without an account, if they right-click and go to “View page source” (in Chrome). Your data is available in plain text on your site’s HTML code:
