Hi. I have a web application using Spring Web Flow and Spring Security. I have a problem with concurrency and here's the scenario.

When I log in and go to an edit page, and when my account was already restricted for that operation, I am not supposed to be able to perform the operation anymore. I see that since my ROLE saved in the session was loaded during login, this would naturally happen. What's the best practice for this? Shall I query for my role and replace that in the session FOR EVERY critical operation or restricted operation? Is this not an overhead to the server?