Trust everyone is doing great.
We are currently using an active policy expression to enforce a custom authorization logic in the policy. The logic makes a call to the SQL DB query to fetch some values and make an authorization decision. Now we have to send few attributes/values (coming from SQL db) as response to the application. We can do this using active response, but that will be another db call on each page.
So my question is, can we set these SQL DB values (returned by SQL query) directly as response or a variable within the Active policy expression to avoid another db call in active response ? I know we can set these value in session store, but as a security practice - it's not recommended to set values in session store.
Appreciate any other suggestions.