PingAccess

Minimizing the PingAccess cookie size

Reduce the size of the PingAccess cookie if its size causes problems in your environment.

About this task

The options presented here each reduce the PingAccess cookie size. Because the reduction amount depends on your environment, it can’t be precisely quantified.

Steps

  • When configuring the web session, select the Cache User Attributes check box. This option caches user information for use in policy decisions instead of including it in the cookie. For more information, see Creating web sessions and Editing and deleting web sessions.

  • When configuring the site, clear the Send Token check box. This minimizes the amount of information forwarded to the site itself. For more information, see Adding sites, Editing sites, and Site field descriptions.

  • When Configuring admin UI SSO authentication, clear the Include id_token_hint in SLO check box.

    If your token provider requires the id_token_hint parameter to complete single logout (SLO), explore the other options to reduce cookie size instead.

  • When Configuring OpenID Connect token providers, clear the Track token_id check box.

    If you want to use the id_token attribute in an identity mapping or rule, explore the other options to reduce cookie size instead.

  • When Configuring web session management settings, select the simplest algorithms: ECDSA using P-256 Curve for the Signing Algorithm and AES 128 with CBC and HMAC SHA 256 for the Encryption Algorithm.

    This option isn’t as impactful as the other options and might not be possible depending on your environment’s security needs.