Question
David Crawford · Jan 19, 2018

Unauthenticated Functions

Hello,

Is there a way for Class Methods to be called from a CSP page before a user is authenticated, and without any session information?

Thanks!

0
0 254
Discussion (1)1
Log in or sign up to continue

#1)
authentication is switched on/off  in Mgmt Portal 
 System > Security Management > Web Applications and bound to the specific WebApplication

#2)​ 
CSP has typically a persistent %session object. 
You can that switch off by a Class parameter. 

#3) You have 2 typical places for private Classmethods:

OnPreHTTP() before anything goes back to browser or similar. 
You typically place your private authentication there.
http://docs.intersystems.com/latest/csp/documatic/%25CSP.Documatic.cls?P...
OnPage() which means when you have already replied with an HTTP header...

Some Example

Class csp.NoSession Extends %CSP.Page
{

/// This parameter controls the CSP session support. By default CSP will use a persistent session
/// which holds a license until the session is ended or times out. If you override this then this
/// CSP page will use a transient session which is never persisted.
Parameter UseSession As BOOLEAN = 0;

ClassMethod OnPage() As %Status
{
    &html<<html><head></head><body><pre>
    <h3> %session dump </h3>
 >
    zwrite %session
    write "<h3> %request dump </h3>",!
    zwrite %request
    write "<h3> %response dump </h3>",!
    zwrite %response
 &html<
 </pre></server></body></html>>
    Quit $$$OK
}

/// Event handler for <b>PreHTTP</b> event: this is invoked before
/// the HTTP headers for a CSP page have been sent. All changes to the
/// <class>%CSP.Response</class> class, such as adding cookies, HTTP headers,
/// setting the content type etc. must be made from within the OnPreHTTP() method.
/// Also changes to the state of the CSP application such as changing
/// %session.EndSession or %session.AppTimeout must be made within the OnPreHTTP() method.
/// It is prefered that changes to %session.Preserve are also made in the OnPreHTTP() method
/// as this is more efficient, although it is supported in any section of the page.
/// Return <b>0</b> to prevent <method>OnPage</method> from being called.
ClassMethod OnPreHTTP() As %Boolean [ ServerOnly = 1 ]
{
   
quit $$$OK
}

}