Minimizing the PingAccess cookie size
Reduce the size of the PingAccess cookie if its size causes problems in your environment.
About this task
The options presented here each reduce the PingAccess cookie size. Because the reduction amount depends on your environment, it can’t be precisely quantified.
Steps
-
When configuring the web session, select the Cache User Attributes check box. This option caches user information for use in policy decisions instead of including it in the cookie. For more information, see Creating web sessions and Editing and deleting web sessions.
-
When configuring the site, clear the Send Token check box. This minimizes the amount of information forwarded to the site itself. For more information, see Adding sites, Editing sites, and Site field descriptions.
-
When Configuring admin UI SSO authentication, clear the Include id_token_hint in SLO check box.
If your token provider requires the
id_token_hint
parameter to complete single logout (SLO), explore the other options to reduce cookie size instead. -
When Configuring OpenID Connect token providers, clear the Track token_id check box.
If you want to use the
id_token
attribute in an identity mapping or rule, explore the other options to reduce cookie size instead. -
When Configuring web session management settings, select the simplest algorithms:
ECDSA using P-256 Curve
for the Signing Algorithm andAES 128 with CBC and HMAC SHA 256
for the Encryption Algorithm.This option isn’t as impactful as the other options and might not be possible depending on your environment’s security needs.