I have a landing page with a form (registration page) and when someone hits submit they get sent to a thank you landing page with a video. I want to ensure that no one can send the URL of the landing page with the video out so people can get direct access; I need them to go through the registration page. What is the easiest way to do this with Marketo landing pages?
Thanks in advance for your help!
~Naomi Marr (Avid Technology)
Naomi, while there's some tech coming down the pike that will allow you to send expiring links, at the moment there's no way to stop someone from downloading a Marketo-hosted asset if they know the direct URL.
In the absence of true security -- and of course even an expiring link can be shared, albeit for a brief period of time -- you have to figure out whether it's really worth pursuing mere obscurity (as techies say) which a malicious/mischievous person could work around. For example, you could have your landing page check its referrer to see if someone came from the form page. Or check for tokens in the LP which wouldn't exist if the lead wasn't known. These tactics might be worth it for your case, or not.
Yes! It's the process of checking for the referrer and if the person hasn't come from the registration page then I want to redirect them back to the reg page that I'm looking to implement. Do you have any pointers on how to achieve that? I'm assuming javascript but didn't know if someone had already implemented a javascript like that they'd be willing to share?
Hi Naomi Marr
I've done the technique sanford mentions with tokens, CSS and some scripting.
The goal was to only show a LiveStream broadcast to those that registered. If someone did not register, the content is replaced with a 'you must register' message and a button to the reg page.
Here are some of the details:
Webform was created to register for the content
Upon form fill out, a 'change data value' flow step in MKTO sets a custom field to the source URL of the livestream iframe embed.
The landing page uses the token for the livestream iframe field like so:
iframe id="liveStreamVid" src="{{lead.ICON14 Live Stream - Video:default=}}" width="640" height="360" frameborder="0" scrolling="no" style="width: 640px; margin: 0 auto;"> /iframe
Some Jquery adds the hidden class to a register message while removing the hidden class from the content iframe.
jQuery(function(){
var liveStreamVid = jQuery("#liveStreamVid");
if (liveStreamVid.attr("src")!=""){
jQuery(".iframer").removeClass("hidden");
jQuery(".register").addClass("hidden");
}
CSS:
.show {
display: block;
}
.hidden {
display: none;
}
Register message HTML for reference:
<div class="register hidden">
<p>
The broadcast will go live Wednesday 4/23/2014 at 8am MST.
</p>
<p>
If you haven't yet, be sure to register to gain access
</p>
<div>
<a class="button small gap-left" href="regpageURL">REGISTER NOW</a>
</div>
<p>
</p>
</div>
The Result: If someone came through the webform than the custom field sets and on the thank you page the jquery shows the content. If the person shares the link, than the new visitor will see a register message instead of content because they do not have a known munchkin id.
If you don't need to get fancy for your setup, you could use the 'email' token in a hidden div. Then redirect to the register page or show the register message in the event the 'email' hidden div is blank.
Mark Price I'm definitiely not a JS expert, but it seems that with your technique if someone shares the tracked link and the recipient clicks it, a _mkto_trk cookie will be added to their browser that points to the lead record of the person that submitted the form originally and Marketo will display the video.
The strategy is similar to merging a custom field value on a landing page (just with some extra scripting).
If the link click is from an email, perhaps there is risk of the content being unlocked, but when going from Webform -> Thank You Page, I do not see how this is possible given my understanding of the system. There isn't a tracking link in the mix, just a regular Marketo hosted page, a field token and some scripting that shows/hides divs if a value merges from the lead record or not.
Sanford explained it like so
"..check for tokens in the LP which wouldn't exist if the lead wasn't known."
Got it - I misunderstood and thought you were saying the shared link would be a tracked link in a Marketo email that points to the LP. I agree that if they share the link to the Thank You page, the video won't be shared. If you were to add the person that registers to a static list in Marketo and use that to trigger the display of dynamic content, wouldn't that eliminate the need for adding custom JS to the LP? Or is there an additional risk of an unauthorized person viewing the video?
You bring up a good point in that the dynamic content snippet / segmentation / static list is another way to get a similar effect.
In my testing and experience, the system was not fast enough to Add to a Static list and then Change the Segmentation in near-real time before the thank you page loaded with the Dynamic Snippet. There was always an intermittent delay where sometimes the setup would not function as intended. Now, we have a large, enterprise-ish instance, so this may not be the case for all MKTO users. (Perhaps MKTO staff can weigh in on if this is a typical system behavior)
I do think the static list + segmentation change can work when the process is not near 'real-time' such as:
Webform Fillout -> MKTO actions run -> Email with Access Link Sent -> Thank You Page accessed
Opposed to:
Webform Fillout -> Thank You Page accessed
For the known/unknown differentiation, I like the JS approach but as you have mentioned, there are use cases where the dynamic snippet might work or be a better choice; especially so if the page is meant for already existing leads or has complex dynamic content needs.
I agree about the latency of the Segmentation, Mark.
Everyone's contributing creative and complementary solutions, which is great.
If you want the simplest possible path as you're not a JS developer, and one that will cover the most common use/abuse cases, add this at the top of the Thank You page:
<script>
(function(){
var referrer= document.createElement('a'); // use native ILocation parser
referrer.href = document.referrer;
if ( referrer.pathname != '/register.html' ) document.location.pathname = '/register.html';
})();
</script>