Question: CSP Session

CSP, Object Data Model, Caché

Hi,

  I was set one session in user namespce (%session.Data("sup")="login User ").but i couldn't get this session(%session.Data("sup")) in  another namespace.

Cache version:cache 16

but i can acces in cache 5.02.

  • 0
  • 0
  • 503
  • 1
  • 3

Answers

Hi Sansa, 

 

Take a look at the web application configuration if the Session Cookie Path are pointing to the same path. Also take a look at http://localhost:57772/csp/docbook/DocBook.UI.Page.cls?KEY=GCSP_sessions.... Are you using CSPSHARE=1 url parameter?

 

HTH,

Fábio 

Thanks Fabio,

             We have added CSPSHARE=1 along with URL. Now it is  working  fine.

             We have a doubt, will it cause any problem?

thanks,

Sansa.

 

I think you need to take a step back here and understand whats going on Sansa before you decide to use CSPSHARE=1. CSPSHARE should only be used as a last resort.

Firstly, we need to clarify what you mean by 'Namespace' when you are using CSP/ZEN pages in Cache. I think what you mean by 'Namespace' is actually web Application. For example, accessing the page:

localhost:57772/csp/samples/basic.csp

Uses the /csp/samples web application (which speaks to the SAMPLES namespace), and using a url like:

localhost:57772/csp/user/page.csp

Is using the /csp/user web application (which speaks to the USER namespace).

Now lets discuss the %session variable. This variable is shared by  webpages that make use of the same Cache session. By default Cache uses cookies to decide whether pages are using the same session. By default, each of the two web applications mentioned above would use 2 different session cookie paths (/csp/samples and /csp/user respectively), and therefore when switching between these 2 csp applications, you would use 2 different cookies, and thus 2 different Cache sessions. Since you are on different sessions, each one has their own %session variable.

When you add the CSPSHARE=1 parameter, it bypasses this (as well as several other security checks like whether or not the same browser made the request as previous requests for this session). Now simply having the same  CSPCHD parameter in the request is enough to make Cache think it is the same session (pages with CSPSHARE=1 automatically add this parameter to all of their links). So yes, now you can share data  between the  pages using %session, but you have also opened up a whole bunch of security related sharing between the pages that you may not want.

There are many ways to share data between pages without having to use the CSPSHARE feature. If you want to make use of the %session variable, then take a look at this section of the documentation that describes methods of sharing the authentication context and its associated data:

http://docs.intersystems.com/latest/csp/docbook/DocBook.UI.Page.cls?KEY=...

There are other methods as well though which don't touch the authentication/session stuff and let you just pass data between pages. For example, you could just pass the data in the url parameters, and if it's sensitive data, you can make use of the ENCODED parameter. You could also store the data in a global in Cache and access it from both pages.

Hopefully this gives you some options. If nothing else gives you the behavior you want, then go ahead and use the CSPSHARE feature, but be aware  of the drawbacks of using this feature, and I would recommend trying everything you can to avoid using  it if possible.