diff --git a/src/imem_sec.erl b/src/imem_sec.erl
index 17a7fc9..5d4abbb 100755
--- a/src/imem_sec.erl
+++ b/src/imem_sec.erl
@@ -919,15 +919,21 @@ have_module_permission(SKey, Module, Operation) ->
 
 %% ------- local private security extension for sql and tables (do not export!!) ------------
 
-seco_authorized(SKey) -> 
+seco_authorized(SKey) ->
     case imem_meta:read(ddSeCo@, SKey) of
-        [#ddSeCo{pid=Pid, authState=authorized} = SeCo] when Pid == self() -> 
+        [#ddSeCo{pid=Pid, authState=authorized} = SeCo] when Pid == self() ->
             SeCo;
-        [#ddSeCo{pid=Pid}] ->      
-            ?SecurityViolation({"Not logged in", {SKey,Pid}});
-        [] ->               
+        [#ddSeCo{pid=Pid, authState=authorized} = SeCo] ->
+            {links, Links} = erlang:process_info(self(), links),
+            case lists:member(Pid, Links) of
+                true ->
+                    SeCo;
+                false ->
+                    ?SecurityViolation({"Not logged in", SKey})
+            end;
+        [] ->
             ?SecurityException({"Not logged in", SKey})
-    end.   
+    end.
 
 % have_table_ownership(SKey, {Schema,Table,_Alias}) ->
 %     have_table_ownership(SKey, {Schema,Table});
diff --git a/src/imem_seco.erl b/src/imem_seco.erl
index e8de054..f4206c1 100755
--- a/src/imem_seco.erl
+++ b/src/imem_seco.erl
@@ -59,6 +59,7 @@
         , has_role/2
         , has_permission/3
         , has_permission/2
+        , get_skey_pid/1
         ]).
 
 -export([ have_role/2
@@ -296,6 +297,9 @@ if_has_child_permission([RootRoleId|OtherRoles], Permission) ->
         false ->    if_has_child_permission(OtherRoles, Permission)
     end.
 
+get_skey_pid(SKey) ->
+    #ddSeCo{pid=Pid} = seco_authorized(SKey),
+    {ok, Pid}.
 
 %% --Implementation (exported helper functions) ----------------------------------------
 
@@ -354,11 +358,21 @@ seco_register(#ddSeCo{skey=SKey, pid=Pid}=SeCo, AuthState) when Pid == self() ->
 seco_unregister(#ddSeCo{skey=SKey, pid=Pid}) when Pid == self() -> 
     catch if_delete(SKey, ddSeCo@, SKey).
 
+is_pid_linked(SKey, #ddSeCo{pid=Pid} = SeCo) ->
+    {links, Links} = erlang:process_info(self(), links),
+    case lists:member(Pid, Links) of
+        true ->
+            SeCo;
+        false ->
+            ?SecurityViolation({"Not logged in", SKey})
+    end.
 
 seco_existing(SKey) -> 
     case if_read(ddSeCo@, SKey) of
         [#ddSeCo{pid=Pid} = SeCo] when Pid == self() -> 
             SeCo;
+        [#ddSeCo{} = SeCo] ->
+            is_pid_linked(SKey, SeCo);
         [] ->               
             ?SecurityException({"Not logged in", SKey})
     end.   
@@ -379,11 +393,11 @@ seco_authorized(SKey) ->
     case if_read(ddSeCo@, SKey) of
         [#ddSeCo{pid=Pid, authState=authorized} = SeCo] when Pid == self() -> 
             SeCo;
-        [#ddSeCo{}] ->      
-            ?SecurityViolation({"Not logged in", SKey});
-        [] ->               
+        [#ddSeCo{authState=authorized} = SeCo] ->
+            is_pid_linked(SKey, SeCo);
+        [] ->
             ?SecurityException({"Not logged in", SKey})
-    end.   
+    end.
 
 seco_update(#ddSeCo{skey=SKey,pid=Pid}=SeCo, #ddSeCo{skey=SKey,pid=Pid}=SeCoNew) when Pid == self() -> 
     case if_read(ddSeCo@, SKey) of
diff --git a/src/imem_server.erl b/src/imem_server.erl
index 1326a97..f010409 100755
--- a/src/imem_server.erl
+++ b/src/imem_server.erl
@@ -165,14 +165,27 @@ mfa({Ref, Mod, which_applications, Args}, Transport) when Mod =:= imem_sec;
 mfa({_Ref, imem_sec, echo, [_, Term]}, Transport) ->
     send_resp({server_echo, Term}, Transport),
     ok;
+mfa({Ref, imem_sec = Mod, Fun, Args}, Transport) when Fun =:= login;
+                                                      Fun =:= auth_start;
+                                                      Fun =:= schema;
+                                                      Fun =:= logout;
+                                                      Fun =:= auth_add_cred ->
+    mfa(Ref, Mod, Fun, Args, Transport);
 mfa({Ref, Mod, Fun, Args}, Transport) ->
+    spawn_link(fun() ->
+        mfa(Ref, Mod, Fun, Args, Transport)
+    end),
+    ok. % 'ok' returned for erlimem compatibility
+
+mfa(Ref, Mod, Fun, Args, Transport) ->
     NewArgs = args(Ref,Fun,Args,Transport),
-    ApplyRes = try
-                   ?TLog("~p MFA -> R ~n ~p:~p(~p)~n", [Transport,Mod,Fun,NewArgs]),
-                   apply(Mod,Fun,NewArgs)
-               catch 
-                    _Class:Reason -> {error, {Reason, erlang:get_stacktrace()}}
-               end,
+    ApplyRes =
+    try
+        ?TLog("~p MFA -> R ~n ~p:~p(~p)~n", [Transport,Mod,Fun,NewArgs]),
+        apply(Mod,Fun,NewArgs)
+    catch
+        _Class:Reason -> {error, {Reason, erlang:get_stacktrace()}}
+    end,
     ?TLog("~p MFA -> R ~n ~p:~p(~p) -> ~p~n", [Transport,Mod,Fun,NewArgs,ApplyRes]),
     ?TLog("~p MF -> R ~n ~p:~p -> ~p~n", [Transport,Mod,Fun,ApplyRes]),
     send_resp(ApplyRes, Transport),
diff --git a/src/imem_statement.erl b/src/imem_statement.erl
index 8181863..4629eea 100755
--- a/src/imem_statement.erl
+++ b/src/imem_statement.erl
@@ -70,11 +70,12 @@
 %% gen_server -----------------------------------------------------
 
 create_stmt(Statement, SKey, IsSec) ->
+    {ok, SKeyPid} = imem_seco:get_skey_pid(SKey),
     case IsSec of
         false -> 
-            gen_server:start(?MODULE, [Statement,self()], [{spawn_opt, [{fullsweep_after, 0}]}]);
+            gen_server:start(?MODULE, [Statement,SKeyPid], [{spawn_opt, [{fullsweep_after, 0}]}]);
         true ->
-            {ok, Pid} = gen_server:start(?MODULE, [Statement,self()], []),
+            {ok, Pid} = gen_server:start(?MODULE, [Statement,SKeyPid], []),
             NewSKey = imem_sec:clone_seco(SKey, Pid),
             ok = gen_server:call(Pid, {set_seco, NewSKey}),
             {ok, Pid}