Validates the message authentication code (MAC) generated by the SEAL( ) method to seal a client-principal object.
You can use this method to validate the seal whenever necessary.
Return type: LOGICAL
Applies to: Client-principal object handle
ABL raises ERROR if the client-principal object is not:
If you specify a domain access code, the AVM uses the specified value to validate the seal.
If you do not specify a domain access code, the AVM uses the access code defined for the domain in the trusted domain registry to validate the seal.
The AVM validates the seal by comparing it to the MAC generated from either the specified domain access code or the matching domain access code stored in the trusted domain registry. If the seal matches the generated MAC, the seal is valid and this method returns TRUE. Otherwise, the seal is invalid and this method returns FALSE.
The AVM also checks the LOGIN-EXPIRATION-TIMESTAMP attribute. If the client-principal object expires before you can validate its seal, the AVM sets the LOGIN-STATE attribute to "EXPIRED" and returns FALSE.
VALIDATE-SEAL( ) only generates an audit event when the method finds the client principal to be expired for the first time. When this happens, the method generates an audit event for a logout operation.
The following code fragment illustrates how to use the VALIDATE-SEAL( ) method: