Rosti Zacharias · Mar 21, 2018

Hiding/re-writing URL content


There have been similar questions asked before, but a few years ago now. My problem is that when I create an application in plain CSP, a typical link to a page will look like this in the browser..

One user sent back a comment.. 'I'm not using your application as it is un-secure' .. based on the fact that the elements are spelled out in the URL.

Is there now some way of hiding the path and the .csp page in the URL?

Thanks in advance,


0 307
Discussion (6)3
Log in or sign up to continue

In CSP-Application you should choose Use Cookie for Session: Always

Or you can control it programmatically in %session with Property UseSessionCookie 

property UseSessionCookie as %Integer [ InitialExpression = 1 ];

Indicates whether sessions should be maintained using cookies or not. There are three possible values:
  • 0 - Never use cookies. This will pass the CSPCHD parameter around in all the url links and as hidden fields in the <FORM> elements.
  • 1 - Auto detect cookie support. This will start by trying to insert a cookie into the browser, if this fails it will switch to mode 0 and never use cookies for this session. The initial page will send both cookies to the browser and it will include the CSPCHD parameter in all links and forms.
  • 2 - Always use cookies. This will only use cookies so if the browser does not accept the cookie then the session state will not be maintained.

Thanks Dmitry,

How does this affect the URL? 


Yes John,

I have seen URLs that have just the domain name and suppress the rest. I'm pretty sure there has to be a way of hiding it and still retain the functionality we need.


If you set Always use cookies, CSPCHD will not appear in URL anymore.

Looks like you want to get more than just hide CSPCHD. It is still possible. You can achieve with URL rewrite in IIS or Apache.

Let's say if you configure your DNS for or any other as you want, or just * for all subdomains, to the same server. You can configure URL Rewrite's for the particular domain to another path.

Rewrite is different from Redirect, when Redirect will show new URL, when Rewrite works hidden and even can redirect to some internal server not available from outside.