Skip to main content

Reserved URL Parameters

The following URL parameters are reserved, within the context of a CSP-based web application:


From the login page, contains the username to log in


From the login page, contains the password of the user designated by IRISUserName


If passed in with IRISUserName and IRISPassword, it contains the current password for the user. The security routines changes the user’s password to a new value, the one from IRISPassword, such as, IRISOldPassword=fredsAboutToBeChangedPwd. After the password is changed, the user is logged in using the new password.


IRISLogout with no value or any value other than cookie causes the session for this request to be logged out (but not destroyed.) Logging out destroys the current login cookie and removes any two-factor security tokens being held in limbo for this session.

IRISLogout=cookie destroys the current login cookie.


IRISSecurityToken contains the value of a submitted security token from the Login Security Token page, such as IRISSecurityToken=12345678.


The presence of this name indicates that the user is submitting a security token whose value is associated with IRISSecurityToken.


The presence of this name indicates that the user has cancelled out of the Login Security Token page.


Login pages, including custom login pages, contain two sub-pages: one for login and one for returning the security token value. The page checks the value of IRISLoginPage to determine which subpage to display. IRISLoginPage=1 indicates the Login subpage should be displayed.


A page P is requested, but it is unauthenticated, so the Login page is displayed. After the user submits the information from the login page, usually the page request for P is redirected back to the browser. (This stops the browser from asking the user to press the <Resend> button before its shows P.) This behavior can be short-circuited by passing IRISNoRedirect=1

FeedbackOpens in a new tab