Skip to main content

This is documentation for Caché & Ensemble.

For information on converting to InterSystems IRIS, see the InterSystems IRIS Adoption Guide and the InterSystems IRIS In-Place Conversion Guide, both available on the WRC Distributions page (login required).

Previous sectionNext section

Private Pages

Private Pages

CSP provides the notion of a private page. A private page can only be navigated to from another page within the same CSP session. Private pages are useful for applications where you want to restrict access to certain pages.

For example, suppose there is a private page called private.csp (one of the CSP sample pages). A user cannot navigate directly to private.csp (for example, by typing in its URL). A user can only navigate to private.csp from a link contained within another CSP page. The link contained in the referring CSP page cannot be an absolute URL, starting with http://. Only paths relative to the referring page are properly encrypted/tokenized by the private pages method. That is: The first two links below pass the same token to the target private page, test2.csp.

<A HREF='test2.csp'>Link to private page - relative path</A> <BR>
<A HREF='/csp/samples/test2.csp'>
       Link to private page - full application path</A> <BR>
Copy code to clipboard

This link is hashed differently and fails access.

<A HREF='http://myserver/csp/samples/test2.csp'>
        Link to private page - absolute path</A>
Copy code to clipboard

The user also cannot bookmark a private page for later use because the encrypted token used to protect the private page is only valid for the current session.

Private pages work as follows. The %CSP.Page subclass responsible for the page has its class parameter PRIVATE set to 1. A URL requesting this page must contain a valid, encrypted CSPToken value in its query string. Any links to this page processed by CSP automatically have an encrypted CSPToken value.