Hi, I am writing a custom authentication class to require some additional info to users and then I have to inject that value on a custom header with an injection policy. This value should be valid only during the NAM Session so I don't want to persist it on a cookie or on the user store. Which strategy would you recommend to do that?

I have tried with the setPrincipalAttributes method at the Authentication Class but then the policy injects empty values. I set a session property but it is not accesible from the injection policy. I could use Cookies but I should play with the expiration time.

Thanks in advance,