How does the parameter studenID gets its value? My assumption would be that this parameter gets populated at the login page so I would set up studentID to be a Dynamic parameter value and set the extraction point to be the page at which the parameter value should be populated. That way the value can only be set or changed by information gathered and passed during the login process. Which I would assume would be password protected and therefore should resolve your concern about being able to tamper with the value in other parts of the page.
To further tighten this down you would want to implement flows was well and define a login page so that everyone has to start at the login page and cannot get to authenticated pages unless they come from the login page first. Yes this can be bypassed by crafting requests and messing with the refer but it will take away some of the ease of it