David Crawford · Jan 19, 2018

Unauthenticated Functions


Is there a way for Class Methods to be called from a CSP page before a user is authenticated, and without any session information?



#1) Authentication is switched on/off in Mgmt Portal,
System > Security Management > Web Applications, and bound to the specific WebApplication.

#2) CSP typically has a persistent %session object.
You can switch that off by a Class parameter.

#3) You have 2 typical places for private Classmethods:

OnPreHTTP() before anything goes back to browser or similar. 
You typically place your private authentication there.
OnPage() which means when you have already replied with an HTTP header...

An example:

Class csp.NoSession Extends %CSP.Page
{

/// This parameter controls the CSP session support. By default CSP will use a persistent session
/// which holds a license until the session is ended or times out. If you override this then this
/// CSP page will use a transient session which is never persisted.
Parameter UseSession As BOOLEAN = 0;

/// Dumps the %session, %request and %response objects into the page body.
ClassMethod OnPage() As %Status
{
    write "<h3> %session dump </h3>",!
    zwrite %session
    write "<h3> %request dump </h3>",!
    zwrite %request
    write "<h3> %response dump </h3>",!
    zwrite %response
    Quit $$$OK
}

/// Event handler for <b>PreHTTP</b> event: this is invoked before
/// the HTTP headers for a CSP page have been sent. All changes to the
/// <class>%CSP.Response</class> class, such as adding cookies, HTTP headers,
/// setting the content type etc. must be made from within the OnPreHTTP() method.
/// Also changes to the state of the CSP application such as changing
/// %session.EndSession or %session.AppTimeout must be made within the OnPreHTTP() method.
/// It is preferred that changes to %session.Preserve are also made in the OnPreHTTP() method
/// as this is more efficient, although it is supported in any section of the page.
/// Return <b>0</b> to prevent <method>OnPage</method> from being called.
ClassMethod OnPreHTTP() As %Boolean [ ServerOnly = 1 ]
{
    quit $$$OK
}

}
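
The reply above says OnPreHTTP() is where private authentication usually goes and that returning 0 keeps OnPage() from running. The following is an added example, not part of the original answer, of a sessionless page that enforces its own check there. The class name csp.TokenGate, the X-API-Token request header and the ^AppConfig("tokenHash") global are assumptions made for illustration.

```objectscript
/// Added example. Class name, header name and the ^AppConfig global
/// holding the expected token hash are assumptions, not from the post.
Class csp.TokenGate Extends %CSP.Page
{

/// Transient session only: nothing is persisted between requests.
Parameter UseSession As BOOLEAN = 0;

/// Runs before any HTTP header is sent; returning 0 suppresses OnPage().
ClassMethod OnPreHTTP() As %Boolean [ ServerOnly = 1 ]
{
    // Request headers are exposed to CSP as HTTP_* CGI variables.
    set token = %request.GetCgiEnv("HTTP_X_API_TOKEN")
    if '..IsValidToken(token) {
        set %response.Status = "401 Unauthorized"
        quit 0
    }
    quit 1
}

/// Compares SHA-256 hashes so the stored value is never the token itself.
ClassMethod IsValidToken(token As %String) As %Boolean [ ServerOnly = 1 ]
{
    if token = "" quit 0
    set expected = $get(^AppConfig("tokenHash"))
    // Fail closed when no hash has been configured.
    if expected = "" quit 0
    set hash = $system.Encryption.SHAHash(256, token)
    quit $system.Encryption.Base64Encode(hash) = expected
}

/// Only reached when OnPreHTTP() returned 1.
ClassMethod OnPage() As %Status
{
    write "<h3>authorized</h3>",!
    quit $$$OK
}

}
```

With the web application set to allow unauthenticated access, this check is the only gate on the page, so every page class in that application needs an equivalent OnPreHTTP() or a shared superclass that provides it.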