one of the documented procedures in this installation of the ACS
ad_get_client_property { -cache t -browser f -cache_only f } module name
What it does:
Looks up a property for the current session, or for the browser. If $cache is true, will use the cached value if available. If $cache_only is true, will never incur a database hit (i.e., will only return a value if cached). If the property is secure, we must be on a validated session over SSL.
Defined in: /web/philip/packages/acs-core/security-procs.tcl

Source code:

arg_parser_for_ad_get_client_property $args

    global ad_conn

    set id [ad_decode $browser "t" [ad_get_browser_id] [ad_get_session_id]]

    set cmd [list sec_lookup_property $browser $id $module $name]

    if { $cache_only == "t" && ![util_memoize_value_cached_p $cmd] } {
	return ""

    if { $cache != "t" } {
	util_memoize_flush $cmd

    set property [util_memoize $cmd [sec_session_timeout]]
    if { $property == "" } {
	return ""
    set value [lindex $property 0]
    set secure_p [lindex $property 1]
    if { $secure_p != "f" && $ad_conn(sec_validated) != "secure" } {
	return ""

    return $value