I'm developing a web app backed by Firebase which allows access to its content to only users who have signed up (using Firebase Auth). My goal now is to allow unauthenticated users to view the app content but limit their usage (say, unauthenticated users will be able to view x pages per day, then they will have to sign up to continue their activity on the app). I was thinking to achieve this by making an anonymous user type and following his activity with Firestore, but then the question asked is what prevents the user from logging in with a new anonymous user over and over again. Another approach that I was looking at is to limit the user actions with a session cookie, but I didn't find too much information on how it works with Firebase and if it's even possible.
Any suggestions on which approach you would go with?
CodePudding user response:
Implementing anonymous accounts sounds like a good solution to me. Since you'll have two types of users, you can very simply differentiate them, and allow your normal users to see all the content, while the anonymous users see only restricted content.
To achieve this, you have to check each time a user signs in whether it's an anonymous user or not. If it's anonymous, then allow him only to load a fixed number of pages. This can be really simply done in your app's code.
CodePudding user response:
I've solved the issue with my #1 approach:
"I was thinking to achieve this by making an anonymous user type and following his activity with Firestore"
I've overcome my concern
"but then the question asked is what prevents the user from logging in with a new anonymous user over and over again"
by going to Firebase console -> Authentication.
Then at the bottom of the page there's an advanced settings dialog, where I was able to manage the sign-up quota.
This way, a user with a certain IP won't be able to recreate an anonymous user over and over again in a short period of time and hence abuse my app.
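The per-day page limit for anonymous users discussed in the answers above, as an added example that is not code from any of the posts. It assumes the check runs server-side on the object returned by the Admin SDK's `verifyIdToken()`; `DAILY_LIMIT`, `recordPageView` and the `Map` standing in for a Firestore collection are hypothetical names chosen for illustration.

```javascript
// Added example: per-day page-view quota for anonymous Firebase users.
// `decoded` is a verified ID token; Firebase sets
// firebase.sign_in_provider to 'anonymous' for anonymous accounts.
const DAILY_LIMIT = 5; // hypothetical value for "x pages per day"

function isAnonymous(decoded) {
  return Boolean(decoded && decoded.firebase &&
    decoded.firebase.sign_in_provider === 'anonymous');
}

// UTC day bucket, e.g. "2024-01-01", so the counter resets daily.
function dayKey(now) {
  return new Date(now).toISOString().slice(0, 10);
}

// Returns { allowed, remaining }. With Firestore, this read-modify-write
// would run in a transaction so parallel requests cannot exceed the limit.
function recordPageView(store, decoded, now = Date.now()) {
  if (!decoded || typeof decoded.uid !== 'string') {
    return { allowed: false, remaining: 0 }; // no verified token: deny
  }
  if (!isAnonymous(decoded)) {
    return { allowed: true, remaining: Infinity }; // signed-up users: no limit
  }
  const key = `${decoded.uid}/${dayKey(now)}`;
  const used = store.get(key) || 0;
  if (used >= DAILY_LIMIT) {
    return { allowed: false, remaining: 0 };
  }
  store.set(key, used + 1);
  return { allowed: true, remaining: DAILY_LIMIT - used - 1 };
}

// Constructed sample tokens (not real users).
const anonToken = { uid: 'anon-123', firebase: { sign_in_provider: 'anonymous' } };
const userToken = { uid: 'user-456', firebase: { sign_in_provider: 'password' } };

// Simulates DAILY_LIMIT + 1 page views by one anonymous user on one day.
function demo() {
  const store = new Map();
  const day1 = Date.UTC(2024, 0, 1, 12);
  const results = [];
  for (let i = 0; i < DAILY_LIMIT + 1; i++) {
    results.push(recordPageView(store, anonToken, day1).allowed);
  }
  return results;
}
```

The counter is keyed by UID, so it relies on the sign-up quota mentioned in the second answer to limit how often a new anonymous UID can be created.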