Last post Nov 27, 2014 09:24 AM by BrockAllen
Nov 26, 2014 02:39 AM|hom_rcp|LINK
If I cached the Security Token in a custom sessionSecurityTokenCache, should I use IsReferenceMode?
Because without setting IsReferenceMode to true, the FedAuth cookie is still large although the cache service is being called!
Nov 26, 2014 08:17 AM|BrockAllen|LINK
If the cookie size is the concern, then yes, you want reference mode.
Nov 26, 2014 11:59 AM|hom_rcp|LINK
The cookie size is not the only concern, but since the SecurityToken is being cached in the custom cache service, why the cookie exists? And where is the token being read exactly? The cookie or the service?
Since in my sample, the cookie exists and the service is being called for Add/Update and Get !!
Nov 26, 2014 12:27 PM|BrockAllen|LINK
You still need some way for the browser to let you know who the user is, thus some cookie is needed.
Nov 27, 2014 05:24 AM|hom_rcp|LINK
Thank you very much for your answer. I do know that I still need some information from the browser to have the Key of the server session but the cookie size is about 8 KB which means it is not only a key, instead, it contains the claims and the bootstrap
context and the whole SecurityToken which is not expected.
Am I right?
Nov 27, 2014 09:24 AM|BrockAllen|LINK
Reference mode does make the cookie smaller, but the cookie is still fairly large (~500 bytes IIRC) since they're using XML as their serialization format.
As for the cache, I've done some work related to it: