--- title: Minimizing the PingAccess cookie size description: Reduce the size of the PingAccess cookie if it causes problems in your environment. component: pingaccess version: 9.0 page_id: pingaccess:troubleshooting:pa_minimizing_the_pa_cookie_size canonical_url: https://docs.pingidentity.com/pingaccess/9.0/troubleshooting/pa_minimizing_the_pa_cookie_size.html revdate: June 1, 2023 section_ids: about-this-task: About this task steps: Steps --- # Minimizing the PingAccess cookie size Reduce the size of the PingAccess cookie if it causes problems in your environment. ## About this task Each of the following options can reduce the PingAccess cookie size. The exact reduction amount can't be precisely quantified because it's environment-dependent. ## Steps * When configuring the site, clear the **Send Token** checkbox. This minimizes the amount of information forwarded to the site itself. Learn more in [Adding sites](../pingaccess_user_interface_reference_guide/pa_adding_sites.html), [Editing sites](../pingaccess_user_interface_reference_guide/pa_editing_sites.html), and [Site field descriptions](../pingaccess_user_interface_reference_guide/pa_site_field_descriptions_ref.html). * When configuring the web session, select the **Cache User Attributes** checkbox. This caches user information for use in policy decisions instead of including it in the cookie. Learn more in [Creating web sessions](../pingaccess_user_interface_reference_guide/pa_creating_web_sessions.html) and [Editing and deleting web sessions](../pingaccess_user_interface_reference_guide/pa_editing_web_sessions.html). * When [Configuring web session management settings](../pingaccess_user_interface_reference_guide/pa_configuring_web_session_management_settings.html), select the simplest algorithms: `ECDSA using P-256 Curve` for the **Signing Algorithm** and `AES 128 with CBC and HMAC SHA 256` for the **Encryption Algorithm**. | | | | - | ----------------------------------------------------------------------------------------------------------------------------- | | | This option isn't as impactful as the other options and might not be possible depending on your environment's security needs. | * When [Configuring admin UI SSO authentication](../pingaccess_user_interface_reference_guide/pa_configuring_admin_ui_sso_authn_task.html), clear the **Include id\_token\_hint in SLO** checkbox. | | | | - | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | If your token provider requires the `id_token_hint` parameter to complete single logout (SLO) *(tooltip: \
\

The process of signing a user out of multiple sites where the user has started a SSO session.\

\
)*, explore the other options to reduce cookie size instead. | * When [Configuring OpenID Connect token providers](../pingaccess_user_interface_reference_guide/pa_configuring_oidc.html), clear the **Track token\_id** checkbox. | | | | - | -------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | If you want to use the `id_token` attribute in an identity mapping, rule, or virtual logout resource, explore the other options to reduce cookie size instead. | * When [Configuring PingOne Advanced Identity Cloud or PingAM as the token provider](../pingaccess_user_interface_reference_guide/pa_configuring_p1aic_or_pingam_as_the_token_provider.html), clear the **Track token\_id** checkbox. | | | | - | -------------------------------------------------------------------------------------------------------------------------------------------------------------- | | | If you want to use the `id_token` attribute in an identity mapping, rule, or virtual logout resource, explore the other options to reduce cookie size instead. |