At the min, a user can access all cookie password protected services if they know the actual URL to the service.
That's the way this auth method works, I'm afraid there is no way around that.
Perhaps, https://github.com/causefx/Organizr/wiki/Authentication-%7C-Server-Based would be better?
added nginx conf
Join the discussion!