Website Design

Hi Guys,

I have heard that using frames is outdated and maybe iframes is the thing.

What is the best way or thing to use then ? there are certain things on my website i do not want people to see links to for example private pages.

Here is an example.

A new user subscribes to my service through a 3rd party website that will not load up in a frame. on submission the user is redirected to a private page where they can sign up then redirected back to website. If a user can see the link to the private sign up page then they can access this without subscribing. How do i manage this situation.

So what if a user can access a sign up page without subscribing? If they aren’t subscribing they shouldn’t have access to anything anyway, right?

in theory yes but if the url is available whats to stop someone sharing ? if someone signs up and copies the link ?

What are you really asking about?

You sign up for an account with Netflix. When you stop paying, you no longer have access to the content.
If you give your credentials out, you are still limited to whatever your account limitations are, ie, if you pay for 2 concurrent logins, two devices can log in at a time. The third is rejected.

So, if 5,000 people want to login, not only is the URL not hidden, you aren’t getting content if you are not accepted either.

Example of the process

i am building a website that offers a service for a monthly fee. To access this service they have to subscribe to a direct debit plan through a third party service. Once they have subscribed through this third party service the redirection link is a sign up page hosted on my website.

They sign up for a username and password to access this part of my site. Once this has been accepted they can then log in and use the service. if you select any link on my website you can see the link url in the status bar and the browser address bar. So is someone subscribes to my plan then they get redirected to a sign up page whats is stopping them copying this url and sharing it with others so they can bypass the third party link and sign up direct ?

What I said still stands. Aren’t you going to verify they paid before they are given access? What happens if they pay once and cancel their subscription? The same would still hold true, correct?

Stripe API for instance. Every time a payment is processed, successful or failure, it calls an API to let that system know the payment status. If that API receives a failed payment, it can then cut the authorization; if it is then successful (like someone updating their payment method) another call is made saying the account is current. The API then allows access again to the account.

Frames and iframes are considered old now and some might even remove them because they are mostly used for ad/other hacks these days. They also don’t offer any security as you can easily watch what happens through the browser dev console or other apps.

What you probably want is to set up your 3rd party subscription page to send a request to your backend code confirming the transaction (web hook).

You can then return the user from the 3rd party site to your site after payment and give them a “awaiting confirmation” page. This page will poll your backend for a confirmed payment, and when the webhook request comes through the user will have valid access.

As astonecipher mentions these confirmations should probably use dates so you know if the subscription runs out - in which case you can repeat the process.