Question
David Crawford · Jan 11, 2018

Best way to store session data?

Hello everyone,

What has been the best way for you to store and retrieve session information about a user for CSP projects? I can use these methods easily:

CSP Session Management

however I'd like to know if there's a better way to keep more permanent information, or should it all be kept in a class?

Additionally, using whatever method, what would be the best way to block user access to certain portions of the website or entire pages? Such as an admin section. With normal web development this wouldn't be too difficult, but I need help connecting this into CSP terms.

Thank you!

Discussion (3)

Be careful with session - see %CSP.Session:Unlock documentation

or should it all be kept in a class

In any unclear situation - use a class :)

It is a very interesting and quite difficult question. It depends on how modern your application is and how you build it.

The modern way to build a web application means that you use a web framework such as Angular, React and so on. In this case, most of your frontend stuff is in JavaScript/TypeScript, and such pages can even already be on the client side when the user opens your application. It means that you can use some guardians to prevent access to some pages. But how do you decide which user can have access and which cannot? You have to ask your server about permissions. And on the server side, you will have a REST service which should use the AccessToken from the browser to authorize all requests and return the data that is available under the permissions of this user. The REST service may or may not use a session, because with every request you will get information about the user from the Access-Token.

what would be the best way to block user access to certain portions of the website or entire pages?

In Caché/CSP terms, you would define a custom resource that represents the pages/sections that require different privileges, then assign access to that resource to a role, and assign that role to any users that should be allowed access.  In your CSP page you would then check if the current user has the necessary privileges and act accordingly.

This short tutorial gives a more detailed overview:
http://docs.intersystems.com/latest/csp/docbook/DocBook.UI.Page.cls?KEY=TSQS_Authorization
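
The resource check described in the answer above, sketched as an added example that is not part of the original thread. The class name `Demo.AdminPage` and the resources `AdminPages` and `AdminReports` are hypothetical; they are assumed to have been created and granted to a role beforehand.

```objectscript
/// Hypothetical admin page. Demo.AdminPage, AdminPages and AdminReports are
/// assumed names, not taken from the thread.
Class Demo.AdminPage Extends %CSP.Page
{

/// Declarative check: CSP refuses to serve the page (or run its server-side
/// methods) unless the current user holds USE on the AdminPages resource.
Parameter SECURITYRESOURCE = "AdminPages:USE";

/// Explicit check, shown for comparison with the parameter above.
/// OnPreHTTP runs before the HTTP headers are sent, so the status can still
/// be changed here.
ClassMethod OnPreHTTP() As %Boolean [ ServerOnly = 1 ]
{
    If '$SYSTEM.Security.Check("AdminPages", "USE") {
        Set %response.Status = "403 Forbidden"
        Quit 0   // returning 0 prevents OnPage() from being called
    }
    Quit 1
}

ClassMethod OnPage() As %Status
{
    Write "<html><body><h1>Admin section</h1>"

    // Section-level check inside a page: only users whose roles grant
    // USE on the second (hypothetical) resource get this fragment.
    If $SYSTEM.Security.Check("AdminReports", "USE") {
        Write "<p>Reports are listed here.</p>"
    }

    Write "</body></html>"
    Quit $$$OK
}

}
```

Both checks are evaluated on the server for every request, so hiding a link in the page markup is never the only control in front of the admin section.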