Is it normal for an unverified account to be able to create a session ? [Solved]

I am going through the errors that my user could receive while logging into the cloud. I unverified the user in order to capture an error so i could say "please verify your email" But to my surprise a session was successful and created. The account is unverified FOR SURE. Is there something I am not understanding?

TL;DR

Developers are questioning whether it's normal for an unverified account to create a session. The conclusion is that it is normal as app logic determines user permissions. The user tried to capture an error message for unverified accounts, but a session was still created.

Yes it is normal

It's on you and your app logic to do whatever you want regards to verified users

(such setting permissions so that only verified users can create/read documents)

Ok, thank you., fair enough. Its also very surprising that you can get a JWT token when unverified. I would be curious about the reasoning for that, but that may be a lot to ask.

Is it normal for an unverified account to be able to create a session ? [Solved]

Reply to this thread by joining our Discord

Reply on Discord

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more

Recommended threads

Need support?

Join our Discord

Get premium support