To protect your digital assets from unauthorized sharing and piracy, Sky Pilot uses built-in IDOR (Insecure Direct Object Reference) Protection. This security layer checks that the person clicking a download link matches the specific customer profile attached to the original purchase.
When a customer sees a "You must be logged in to access this page" message (which previously displayed as "Invalid Login"), the app is working exactly as intended. The system is actively stepping in to protect your files because the visitor's browser is currently logged out or unauthenticated.
The specific behavior displayed simply depends on your store's customer account configuration, your "Require Login" setting, and the visitor's login state.
The Definitive System Behavior Scenarios
1. Classic / Old Customer Accounts (OCA)
Under Old Customer Accounts, users either exist as Guest Customers (no account password created) or Logged-in Customers (account with email + password).
- Require Login ON + Guest Customer: The guest opens their link, but open access is restricted when security is enabled. -> Result: you must be logged in to access this page
- Require Login ON + Logged-In Customer: The session matches the customer profile the link is tied to. -> Result: Download page accessible
- Require Login OFF + Guest Customer: No session check is enforced on the link. -> Result: Download page accessible
- Require Login OFF + Logged-In Customer: The active customer profile is allowed to download the files. -> Result: Download page accessible
2. New Customer Accounts (NCA)
Under New Customer Accounts, users interact as Guest Customers (not authenticated) or Authenticated Customers (logged in natively via 6-digit email verification).
- Require Login ON + Guest Customer: An unauthenticated browser attempts to open a private, ID-locked link layout. -> Result: you must be logged in to access this page
- Require Login ON + Authenticated Customer: The temporary identity token matches the link's permissions. -> Result: Download page accessible
- Require Login OFF + Guest Customer: The application serves the download path via open public routing. -> Result: Download page accessible
- Require Login OFF + Authenticated Customer: The verified storefront token grants access. -> Result: Download page accessible
What Public vs. Private Link Layouts Mean
The structure of a download link is set automatically by whether the customer had a registered store account at checkout. There is no difference in what they can access; the backend simply uses two different URL layouts:
- Public Links (No Account Created): If a customer checks out as a guest and does not have an account, the link is generated as a public layout. Because they do not have a customer ID profile yet, the link acts like an open token using their email address. Previously, these links dropped an "Invalid Login" wall when logged out, but they have now been updated to show the standard login prompt.
  Example: https://yourstore.com/apps/downloads/orders/customer@email.com/179761664
- Private Links (Account Exists): If a customer has a registered account on your storefront, the system automatically builds a private layout. This link is hard-locked directly to their specific, permanent customer account data.
  Example: https://yourstore.com/apps/downloads/customers/8728932417762/orders/179761397
Cross-Lane Scenarios (Mismatched Routing Loops)
If a customer is logged into an account but attempts to open a link belonging to a completely different user (User B or User C), the security engine handles the cross-lane collision cleanly:
- When targeting an Email-Based Layout: If a customer is logged into Store Account A but opens a link explicitly mapped to User B's email token string, the session vs. token conflict drops a security wall. -> Result: you must be logged in to access this page
- When targeting an ID-Based Layout: If a customer attempts to force entry into an ID-based directory belonging to User C, the private folder layer completely overrides the mismatch and falls back to its default permission prompt. -> Result: you must be logged in to access this page
Quick-Reference Summary Table
| Store Account Type | Customer Session Status | Sky Pilot "Require Login" Setting | Action If Logged Out / Guest | Action If Using WRONG Account Profile |
| --- | --- | --- | --- | --- |
| New Customer Accounts | Automated Token | OFF | Access Granted | you must be logged in |
| New Customer Accounts | Automated Token | ON | you must be logged in | you must be logged in |
| Classic Accounts | Has Account (Password) | OFF | Access Granted | you must be logged in |
| Classic Accounts | Has Account (Password) | ON | you must be logged in | you must be logged in |
| Classic Accounts | Guest (No Password) | OFF | Access Granted | Access Granted |
| Classic Accounts | Guest (No Password) | ON | you must be logged in | you must be logged in |
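
The scenarios and summary table above reduce to one ownership check per link layout. The following is an added example that models the documented outcomes; it is not Sky Pilot's code, and the function names, the session and config shapes, and the fail-closed handling of unrecognised links are assumptions.

```javascript
// Illustrative model of the documented rules; not Sky Pilot's implementation.
const DENY = "you must be logged in to access this page";
const ALLOW = "Download page accessible";

// Recognise the two link layouts shown on this page.
function parseDownloadLink(url) {
  let path;
  try {
    path = decodeURIComponent(new URL(url).pathname);
  } catch (err) {
    return null; // malformed URL or bad percent-encoding
  }
  let m = path.match(/^\/apps\/downloads\/customers\/(\d+)\/orders\/(\d+)$/);
  if (m) return { layout: "private", ownerId: m[1], orderId: m[2] };
  m = path.match(/^\/apps\/downloads\/orders\/([^/@]+@[^/@]+)\/(\d+)$/);
  if (m) return { layout: "public", ownerEmail: m[1].toLowerCase(), orderId: m[2] };
  return null;
}

// session: null when logged out, else { customerId, email } (assumed shape).
// config: { requireLogin: boolean, accountType: "classic" | "new" } (assumed shape).
function decideAccess(url, session, config) {
  const link = parseDownloadLink(url);
  if (!link) return DENY; // assumption: unrecognised links fail closed
  if (!session) {
    // Logged out or guest: the outcome depends only on Require Login.
    return config.requireLogin ? DENY : ALLOW;
  }
  // Logged in: the identity in the link must match the session identity.
  const owns = link.layout === "private"
    ? String(session.customerId) === link.ownerId
    : String(session.email).toLowerCase() === link.ownerEmail;
  if (owns) return ALLOW;
  // Wrong account: denied, except the one row the summary table lists as
  // granted (Classic guest link with Require Login OFF).
  const tableException = link.layout === "public" &&
    config.accountType === "classic" && !config.requireLogin;
  return tableException ? ALLOW : DENY;
}
```

Running the function over every row of the table is a quick way to check a store's observed behaviour against the documented one after changing the Require Login setting.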
Understanding the "Require Login" Security Trade-Off
Turning Require Login ON is a deliberate business decision to enforce maximum security on your digital assets. It ensures that nobody gets access to your files without an active, verified storefront profile. This is a powerful security feature designed to lock down your store, not a system error. When choosing this high-security path, the app functions with the following intentional trade-offs:
- With New Customer Accounts (NCA): Friction remains low. Legitimate customers simply input a quick, automated 6-digit verification code sent to their email, instantly authenticate, and safely download their content.
- With Classic Accounts (OCA): Friction is high. Because open layouts are barred under high security, guest shoppers will hit the login wall on their own links until they explicitly register a password profile matching their checkout email.
If your business workflow relies on seamless, instant guest downloads and you want to prioritize frictionless customer entry over strict asset protection, you can simply choose to turn this security setting off.