Protected Variables

The concept of protected Session variables is obsolete as of Version 11. All Session variables are now effectively "protected" and cannot be directly created from a query string or POST variables.


The Application Server supports 'protected' variables. Any variable name that starts with ' protected ' (e.g. ' protectedIsLoggedOn ') can only be set using Xbasic code in a page, and cannot be set from the URL. For example: http://myserver/page1.a5w?session.protectedIsLoggedOn=yes will not create the variable ' session.protectedIsLoggedOn '.

The word "protected" is preceded and followed by 2 underscore characters.


Web publishing applications only

See Also