CSP provides the notion of a private page. A private page can only be navigated to from another page within the same CSP session. Private pages are useful for applications where you want to restrict access to certain pages.
For example, suppose there is a private page called private.csp (one of the CSP sample pages). A user cannot navigate directly to private.csp (for example, by typing in its URL). A user can only navigate to private.csp from a link contained within another CSP page. The link contained in the referring CSP page cannot be an absolute URL, starting with http://. Only paths relative to the referring page are properly encrypted/tokenized by the private pages method. That is: The first two links below pass the same token to the target private page, test2.csp.
<A HREF='test2.csp'>Link to private page - relative path</A> <BR> <A HREF='/csp/samples/test2.csp'> Link to private page - full application path</A> <BR>
This link is hashed differently and fails access.
<A HREF='http://myserver/csp/samples/test2.csp'> Link to private page - absolute path</A>
The user also cannot bookmark a private page for later use because the encrypted token used to protect the private page is only valid for the current session.
Private pages work as follows. The %CSP.Page subclass responsible for the page has its class parameter PRIVATE set to 1. A URL requesting this page must contain a valid, encrypted CSPToken value in its query string. Any links to this page processed by CSP automatically have an encrypted CSPToken value.