The present invention relates to an ingress-session-based authorization and access control method and system to control access from an initiator-host (IH) to objects (Target 1, Target 2) on a target host (TH) by receiving an access-request, preferably a request-message (M1), originally coming from the initiator-host (IH), that references an object (Target 1, Target 2) on the target host (TH) to access, assigning the access-request (M1) to an ingress-session and selecting a session-context (SC-U, SC-W, SC-Y) belonging to that ingress-session, checking whether the access to the referenced object (Target 1, Target 2) is authorized in the selected session-context (SC-U, SC-W, SC-Y)or not wherein references to objects (Target 1, Target 2) on the target host (TH) were handed over to the initiator-host (IH) as a response to an access-request already granted and wherein the object the reference is handed over for is authorized for access under the handed over reference in that session-context (SC-U, SC-W, SC-Y)the already granted access-request is assigned to.