Skip Navigation
Requiring customers to log in to end-user pages
Answer ID 881   |   Last Review Date 07/30/2019

How can I require our customers to register and log in before they go to any part of our end-user pages?


Customer Portal, Enduser pages


You can configure your end-user pages to be password-protected so that visitors MUST log in to access any part of the end-user interface.

To password-protect the CP end-user pages, you must edit the meta tags of the end-user files to include the login_required=”true” attribute.

The path to these files is: /euf/development/views/pages/


Note:  In the utils directory, leave the login_form.php file without the login_required="true" attribute. This allows users the ability to access the login page.

In addition, if you allow accounts to be created from the end-user interface, the create_account.php file in the utils folder should also not include the login_required="true" attribute so that new users can access the page to create their new account.

Files requiring login:  By default, the files in the following directories are password protected and include the login_required="true" attribute in the meta tag:

utils/submit (password_changed.php and profile_updated.php
all files in the account folder (including files in the questions and notif sub-folders)

Additionally, if the CP_CONTACT_LOGIN_REQUIRED configuration setting is enabled, then those page where the login_required attribute is not set become protected and a user needs to login.  In addition, any files that are attached to answers are also protected and if the URL to an attachment is forwarded to another user, that user must log in to view the attachment.

So, while you can use login_required to explicitly state which pages require a login or not, if you want the answers to require a login, you should also enable CP_CONTACT_LOGIN_REQUIRED.

Note that when you change the value of CP_CONTACT_LOGIN_REQUIRED, it only affects the development pages.  You must do a deploy to production for the configuration value to affect your production pages.

Additional Considerations

Pass-through authentication: Some sites include a login feature independently of Oracle B2C Service -- that is, visitors to the site must log in anyway -- even to access non-Oracle B2C Service pages. In these cases, you probably do not want your site visitors to have to log in to your Web site and then log in again to your Oracle B2C Service application. It is possible to configure Oracle B2C Service to pass through the initial login information so that your customers only have to log in one time.

To include this pass through login functionality to your Oracle B2C Service site, you must purchase Pass Through Authentication (PTA). For more information on pricing and options, please contact your sales account manager.