As described above, the preview mechanism uses a context parameter called atg.preview, which is set in an application’s web.xml file, to determine whether to initiate a preview user swap for a given request. Preview swapping can occur only for applications on the management server that are run with the –layer Preview switch, so in most cases you can leave the atg.preview parameter unspecified, or set it to true, for your Web applications. However, if you prefer to do so for security reasons, you can set this parameter to false for any management server Web applications that do not specifically require preview user swapping.
<context-param>
<param-name>atg.preview</param-name>
<param-value>false</param-value>
</context-param>
Note that the swap will still occur, regardless of the atg.preview setting, if the forcePreviewParam parameter is specified in the request query. The following example is from editSendEmail.jsp in ATG Outreach.
<c:url context="${campaignConfiguration.campaignsUIRoot}"
value="/preview.jsp" var="previewURL">
<c:param name="targetAssetType" value="${previewAssetTypeParam}"/>
<c:param name="targetVirtualPath" value="${previewPathParam}"/>
<c:param name="${previewParams.repositoryItemIdParam}"
value="${previewUserIdParam}"/>
<c:param name="${previewParams.forcePreviewParam}" value="true"/>
</c:url>