Memberium AutoLogin

David Bullock — 

This feature enables you to automatically log your members into your site without requiring them to enter their username and password. For example, this can take the form of a link in an email, a link on a webpage, or a thank you page in an ecommerce funnel like ThriveCart.

SECURITY NOTICE:
AutoLogin carries additional risks with it. You will need to determine for your site if the risks outweigh the conveniences. Skip to the bottom to read more about autologin security risks.

AutoLogin URL Quickstart

Memberium will create example Email Autologin link and display them at the bottom of Memberium > Settings > Webhook/links page. You can copy this autologin URL into your email template in ActiveCampaign. You can also edit the example links we provide as needed. For example you can specify your own redirect URL to send your members to a specific page when they login.

Setting Up ThriveCart Autologin

ThriveCart provides a powerful thank you page capability that Memberium integrates with to allow your ThriveCart funnel to autologin the user to your site. To setup ThriveCart autologin, perform the following steps:

Login to your ThriveCart account, and get your secret key. You can get your secret key by following these steps:

  • Click the gear icon in the top right
  • Then click on the “API and Webhooks” view button.
  • Next click the “View Settings” button next to “ThriveCart API”.

    You will see your secret key displayed. Copy this key.

    Pro Tip
    If you ever change this key inside of ThriveCart, be sure to update Memberium with the new key, or your connection with ThriveCart will no longer work.

    Next, inside of Memberium, go to Memberium -> Settings -> Web Hooks/Links. Paste the ThriveCart secret key into the input box labelled “ThriveCart Secret Key”, and click the “Update” button.

    Next, you can start setting up your ThriveCart funnels to autologin to Memberium. Each funnel will need to be setup, there is not a way to set up all funnels with a global setting.

    Your basic ThriveCart Autologin URL is very simple, and looks like this:

    http://www.yoursite.com/?memb_autologin=YOURMEMBERIUMAUTOLOGINKEY

    Pro Tip
    The Memberium Autologin Key is and should be different from the ThriveCart API key. If you get stuck with this, feel free to reach out to Memberium support and we’ll help you set this up.

    You can also add additional parameters as described below to control aspects of the autologin.

    For each product in ThriveCart, you need to set the autologin URL as the Success URL for that product’s sales funnel. You can do this with the following steps:

  • Edit the product
  • click the “Fulfillment” tab
  • Paste your Autologin link into the “Success URL” input box.

    Autologin from Email

    We provide a working example autologin email code that you can copy/paste into your email template from Memberium > Settings > Webhook/links. We’ve prefilled the website link, the auth_key and the ActiveCampaign email parameters. We’ve also included a sample redir= parameter. You can edit or remove the redir= parameter as needed for your link.

    An example email autologin link would look something like this:
    http://yourdomain.com/?memb_autologin=yes&auth_key=YOURAUTHKEY&Id=%SUBSCRIBERID%&Email=%EMAIL%&redir=/yourpage/

    Memberium Autologin Link Parameters

    memb_autologin=yes / memb_autologin=YOURAUTHKEY

    Required for all autologin links. This code tells Memberium that this is an autologin link.

    auth_key=yourauthkey

    Required for all autologin links. This is the autologin auth key for your Memberium install. Memberium supports creating two kinds of auth keys for maximum security. Please be sure that you are using the autologin auth key and NOT the web hook auth key.

    Id=%SUBSCRIBERID%

    Required for email autologin links. This is the ActiveCampaign contact ID for the member. The %SUBSCRIBERID% will be replaced with the actual ID of the user who the email is sent to. Please note that the Id parameter is case sensitive.
    This parameter is not required for ThriveCart Autologin Links.
    If you are using any other third party form system, it must supply this information in the URL

    Email=%EMAIL%

    Required for email autologin links. This is the email address of the contact in ActiveCampaign. The %EMAIL% placeholder will be replaced with the actual email address of the contact who the email is sent to.
    This parameter is not required for ThriveCart Autologin Links.
    If you are using any other third party form system, it must supply this information in the URL

    tag_ids=X,Y,Z

    Optional. Not recommended for use in email links When doing an autologin from an order form system, the tags may not be all applied by the time the user is redirected to the autologin link. You can use the tag_ids parameter to instruct Memberium to apply one or more tags to the user prior to logging in to ensure that their access tags are applied.

    redir=/my-other-page/

    Optional, can be used on all kinds of links. Normally, when a user autologins to your site, they are sent to the homepage defined by their membership level. If you wish the autologin link to take them to a different page, you can define that link here. The redirect link can be an absolute link, or a relative link. The redirect parameter MUST be the last parameter on the line.
    Best Practices: It is recommended to only use relative links. Do not include http/https or your domain name.

    How to Disable Autologin

    You can enable or disable the Autologin functionality from Memberium > Settings > Login tab, and toggle “Allow Autologin” to Yes/No.

    If you do not wish autologin to be enabled for your site, then you can disable autologin by changing the Autologin Auth Key to blank from the same page, or turning off the feature.

    Autologin Security Concerns

    Because this feature bypasses the more secure password login, it makes your site less secure to use. Anyone with access to the link can login to your user’s account, which makes it easier to share. If this lowered level of security concerns you, you can easily disable this feature. Autologin links are less secure, because the two pieces of information (The Subscriber ID and the Email Address) are unchanging and can be shared with any number of users. So, if a user were to change their password, it would not prevent someone with their autologin link from continuing to login as them.

    Despite the reduced security, autologin is a popular request and a popular feature. It’s up to each site owner to determine if the risk outweighs the convenience for their site.

    AutoLogin Troubleshooting

    To successfully enable an autologin, the user must have:

  • A username ( email address ),
  • A password
  • Any appropriate membership tags.
  • The member being logged in must have the subscriber role.
  • If you are using a full domain link as your redirect, try changing it to just a path
  • Memberium also provides an autologin log in your Admin dashboard. You can review this log to find out why an Autologin has failed.