As Nick says, the dashboard is a Single Page Application (SPA), and so it only renders the portion that corresponds to the page being shown. The only luck I’ve had with managing the page flow is by watching for output from a ui_control node, which sends a msg every time the page changes.
Although you can’t do actually “security” with it, you can redirect the user back to another page if you detect certain situations (missing context variable, for instance). You can see more examples and some cautions on this discussion thread.
