Access denied only to specific members

Hi Everyone,

I’m encountering a very strange problem: specific users are being denied access to their Member Page.

Most members on our platform can login fine (even with the same membership as the members who can’t) but there are specific users who cannot login even though I confirmed that their member page exists both on Memberstack as a string and that it matches the Webflow slug.

I tried resetting the password, changing their email address, and making sure that the membership is not locking Member Pages but the same issue persists. When I try to login as that particular user, the URL goes to their member page but then are immediately bounced back to the homepage (which is where the access denied url leads them to for member-specific pages). It feels like these specific members got corrupted somehow.

Has anyone else encountered this issue? Any help would be greatly appreciated! Thanks.

Hi guys!

So taking a look at what’s getting returned from https://api.memberstack.io/member/login, I’m seeing these outputs for the two different accounts:

Working Account:

{
"email": "testcompany@test.com",
"hash": "ebd91dd66c41e9d35838fa656f9d15f689fe94e61d473a349744ac01480d7633",
"redirect": "employers/5e323494cd7f9500170040e9",
"client_secret": "",
"requires_payment": false,
"loginRedirect": "employer/welcome",
"logoutRedirect": "home-v2",
"uniqueContent": "employers/5e323494cd7f9500170040e9",
"protected": [
    {
        "id": "profile",
        "redirect": "signup",
        "urls": [
            {
                "url": "member",
                "filter": "Starts"
            }
        ],
        "access": false
    },
    {
        "id": "employer",
        "redirect": "signup",
        "urls": [
            {
                "url": "employer",
                "filter": "Equals"
            },
            {
                "url": "employers",
                "filter": "Starts"
            }
        ],
        "access": true
    },
    {
        "id": "jobs",
        "redirect": "login",
        "urls": [],
        "access": false
    },
    {
        "redirect": "home-v2",
        "unique": true,
        "access": false,
        "urls": [
            {
                "url": "employers/",
                "filter": "Starts"
            }
        ]
    }
],
"membership": {
    "id": "5e123c7c57ef9a001781fc1f",
    "status": "active",
    "current_period_end": "1582940644.994",
    "cancel_at_period_end": false
},
"information": {
    "first-name": "Test",
    "last-name": "Company",
    "referred-by": "Word of Mouth",
    "companyname": "Company0",
    "webflowid": "5e3234bf0e1b42a2ee111629",
    "phone": "1234567890",
    "websitepersonal": "https://www.company0.com",
    "accommodationwfh": "true",
    "accommodationselfpace": "false",
    "accommodationergonomic": "false",
    "accommodationramp": "false",
    "accommodationrestroom": "false",
    "accommodationsoftware": "false",
    "accommodationscreen": "false",
    "accommodationsignlanguage": "false",
    "accommodationanimal": "false",
    "accommodationparking": "false",
    "accommodationschedule": "false",
    "accommodationtraining": "false",
    "accommodationcounseling": "false",
    "accommodationfragrance": "false",
    "aboutemployer": "asdf",
    "workcultureemployer": "asdf",
    "industry": "asdf",
    "publicprofile": "TRUE",
    "webflowidpublic": "5e3234c3544c667ed56369b8",
    "logo": "https://webflow.com/files/5bad090c54fd3cec09571c85/formUploads/b0000172-b076-401b-a2ae-833e817928f4.jpeg",
    "banner": "https://webflow.com/files/5bad090c54fd3cec09571c85/formUploads/12f8eb8f-35d2-4207-a2ef-c71bb0db7917.jpeg",
    "id": "5e323494cd7f9500170040e9"
},
"canceled": false,
"testWarning": true

}

Not working account:

{
"email": "acme@test.com",
"hash": "2f5bf9a9d385a3a76f235d0ec4857cf1d429e895cf69fc914fcb19ef16ed579f",
"redirect": "employers/5e31e1b7011f6f00170f158a",
"client_secret": "",
"requires_payment": false,
"loginRedirect": "employer/welcome",
"logoutRedirect": "home-v2",
"uniqueContent": "employers/5e31e1b7011f6f00170f158a",
"protected": [
    {
        "id": "profile",
        "redirect": "signup",
        "urls": [
            {
                "url": "member",
                "filter": "Starts"
            }
        ],
        "access": false
    },
    {
        "id": "employer",
        "redirect": "signup",
        "urls": [
            {
                "url": "employer",
                "filter": "Equals"
            },
            {
                "url": "employers",
                "filter": "Starts"
            }
        ],
        "access": true
    },
    {
        "id": "jobs",
        "redirect": "login",
        "urls": [],
        "access": false
    },
    {
        "redirect": "home-v2",
        "unique": true,
        "access": false,
        "urls": [
            {
                "url": "employers/",
                "filter": "Starts"
            }
        ]
    }
],
"membership": {
    "id": "5e123c7c57ef9a001781fc1f",
    "status": "active",
    "current_period_end": "1582919504.663",
    "cancel_at_period_end": false
},
"information": {
    "first-name": "Acme",
    "last-name": "Inc",
    "referred-by": "News Article",
    "companyname": "Acme Incorporated",
    "webflowid": "5e31e22dcf7df2d35896b3ad",
    "websitepersonal": "https://en.wikipedia.org/wiki/Acme_Corporation",
    "accommodationwfh": "true",
    "accommodationselfpace": "false",
    "accommodationergonomic": "true",
    "accommodationramp": "false",
    "accommodationrestroom": "false",
    "accommodationsoftware": "false",
    "accommodationscreen": "false",
    "accommodationsignlanguage": "false",
    "accommodationanimal": "true",
    "accommodationparking": "true",
    "accommodationschedule": "false",
    "accommodationtraining": "true",
    "accommodationcounseling": "true",
    "accommodationfragrance": "false",
    "aboutemployer": "The Acme Corporation is a fictional corporation that features prominently in the Road Runner/Wile E. Coyote animated shorts as a running gag featuring outlandish products that fail or backfire catastrophically at the worst possible times. The name is also used as a generic title in many cartoons, especially those made by Warner Bros., and films, TV series, commercials and comic strips.",
    "workcultureemployer": "Building an inclusive culture ensures that everyone in your business is able to bring and apply their full self to their work.\n\nAt acme you can identify just how inclusive your culture really is. Understand the experiences of different employee groups, provide a safe space for cases of misconduct to be raised anonymously, and introduce the initiatives that will make a real difference to your people.",
    "industry": "Industry, Automotive",
    "publicprofile": "true",
    "webflowidpublic": "5e31e2352dd68197cc4e5b1a",
    "logo": "https://webflow.com/files/5bad090c54fd3cec09571c85/formUploads/29e3418e-0c63-429e-be72-ee875ed08424.png",
    "banner": "https://webflow.com/files/5bad090c54fd3cec09571c85/formUploads/118dd371-1964-4435-9252-72d6def4d02c.jpg",
    "id": "5e31e1b7011f6f00170f158a"
},
"canceled": false,
"testWarning": true

}

So oddly the protected pieces are both returning the exact same, which makes me think that there is some discrepancy in how the front end is triaging behavior based on some other data either locally or from a different
api.

Weirdly, the behavior is the exact same in an incognito window as well, which makes me think it’s not due to ephemeral state in cookies or local cache.

Are there any other important apis that get hit during ms-login or some way that I can debug this further in chrome devtools?

Let us know! Thanks in advance,
Robin