Secure Zones logins

@alex Can a username for a secure zone be a one-word text string instead of an email address? Can multiple people be logged into a secure zone at the same time using the same username & password?

I’ve started to set up my first secure zone and added myself as a member. I’ve also set up a login page outside of the secure zone folder. When I login, however, I am not taken to the secure zone landing page. Instead, I am returned to the login page but with “?login=success” added to the URL of the page. How do I get a successful login to redirect me to the secure zone landing page?

Also, when I logout, I am automatically taken to the website’s homepage. How do I get the logout form to direct to another page?

Hi Hope

I have used the variables to control where the user goes. Then it will also be possible for people already logged in to be “automatically” logged in.

This is what I use to check if they are logged in, or redirect them after:

{% if request.is_logged == "true" %}
    <script type="text/javascript">
            window.location.href = "/test"
{% endif %}

I guess there are several ways of doing this, but this has worked in my case. In this case I have users being redirected from another system, and they could already be logged in, so if they come to the login page and are already logged in they will just be “logged in”. :slight_smile:

You could use the same for checking the success/failure from the parameters and do whatever you would like.

Something like:

{% if request.request_url.params.login == “success” %}
Do something
{% endif %}


{% if request.request_url.params.login == “failure” %}
Do something else
{% endif %}


Hi @hopestew. In addition to @Peter-Schmidt’s method, which can be very powerful and customisable, you can also use some pre-existing form functionality to achieve this.
Since the login process uses a form you can add the hidden redirect field, within your form element, with your desired page URL as the field value. Like so:

<input type="hidden" name="redirectURL" value="/my-landing-page">

Tip: You could populate that field with Liquid data to conditionally set different landing pages based on your own logic.

Likewise with the logout process. While this isn’t a form by default, you can take the API endpoint in the logout link and add it to a forms action URL. Eg:

Change this:

<a href="/public/api/members/logout">Logout</a>

To this:

<form action="/public/api/members/logout" method="GET">
    <input type="hidden" name="redirectURL" value="/goodbye-page">
    <input type="submit" value="Logout">

Note: here we need to change the form method to GET.

Docs reference:


As Adam mentioned, in most cases this will do the trick and is the best and simplest solution :slight_smile:

Just tested this and it works beautifully for the one existing secure zone but the site will have other secure zones. So for this site I’ll use Adam’s method. But there will be other uses of your code such as hiding or showing content depending on the login status. Thanks!

1 Like

Works perfectly. Thanks!

My login seems to be redirecting on Failure (?login=failure) also. I feel like this might have just started happening.

This was happening a few weeks ago, and it was a cache issue. Is any else seeing this?

I’m trying to use this idea to test if a user has successfully logged in and redirect to different pages depending on success.

I’m using this code

{% assign newPage = “/membership/members-landing-page” %}
{% if request.request_url.params.login == “failure” %}
{% assign newPage = “/login-failure” %}
{% endif %}

        <input type="hidden" name="redirectURL" value="{{newPage}}">

but I’m getting an error
Liquid Error: Object reference not set to an instance of an object.

I have tried looking through references but can’t see what I’m doing wrong.

@doodlefish I’m not sure I understand your set up here. Wouldn’t your code be detecting the URL param AFTER the form has been submitted and therefore the redirect has already happened?
You would need to redirect with javascript after the landing page has loaded?


{% if request.request_url.params.login == "failure" %}
{% endif %}

(code not tested)

Also, just check that dumb quotes not smart quotes are being used on your webpage. In your post above, there are smart quotes in your liquid code.

1 Like

Thanks - I’d never heard of dumb and smart quotes. Have googled it. I think copying code from brackets to the forum changed the quote marks. Definitely dumb quotes in my code.