Skip to Content

Access to results page ?

I have developed a bsp/web app with two web pages.

default.htm and results.htm

default.htm is the main selection screen and the results.htm displays a table view.

The backend is a custom bapi.

The application works great except that if I cut and paste the link for the result.htm in a browser, it directly executes the report.

How do I stop that from happening ?

Coming from the old ABAP world, I'm still reading - learning - reading. In the meantime, any solutions/pointers would be appreciated.

Regards,

Maulik

Add comment
10|10000 characters needed characters exceeded

1 Answer

  • Posted on Jul 30, 2004 at 09:11 PM

    Maulik,

    Let me first write the question again. If it is not correct, please help.

    You have two pages default.htm and results.htm. The user executes directly results.htm and you don't like this?

    There are some ideas.

    (1) On the results page, do a request->get_header_field( if_http_headers=>referrer ), and check that this request is triggered by the default page. However, keep in mind that there exists software out there that will filter this header field. So it is not fail safe.

    (2) On the result page, just do a "IF request->get_form_field( 'abc') <> '123'. nagivation->goto_page( 'default.htm' ). And then on the default page, call the result page with "result.htm?abc=123". A simple trick that solves the problem in most cases. However, this can easily be hacked.

    (3) More secure approach, instead of using 123, generate a new GUID each time. Run stateful, and store the GUID also on the server. Each time that you enter results, check that the newly passed GUID is the one you generated previously.

    Now, was this the correct question?

    ++bcm

    Add comment
    10|10000 characters needed characters exceeded