The API functions that validate a session ID allow custom web pages to verify the validity of an ITP/Server session ID. These functions provide for implementation of custom pages in Secure Mode custom applications. Refer to Securing ITP/OnLine for more information on Secure Mode applications.
Ad hoc requests, which use URL parameters to specify their parameters, are not allowed in Secure Mode applications. Only prepared requests, either prepared model lists, or prepared model runs are allowed. Refer to chapter Integration for more information on prepared requests. The session ID validation functions are used to verify that the query parameter sessionid of a custom web page corresponds to an ITP/Server session that represents a prepared request of a particular session type.
Note:
The usage of session ID validation functions is not sufficient to guarantee the security of an ITP/OnLine web application. Refer to chapter Securing ITP/OnLine for more information on the security guidelines.