PingAccess

Minimizing the PingAccess cookie size

Reduce the size of the PingAccess cookie if it causes problems in your environment.

About this task

Each of the following options can reduce the PingAccess cookie size. The exact reduction amount can’t be precisely quantified because it’s environment-dependent.

Steps

  • When configuring the site, clear the Send Token checkbox. This minimizes the amount of information forwarded to the site itself. Learn more in Adding sites, Editing sites, and Site field descriptions.

  • When configuring the web session, select the Cache User Attributes checkbox. This caches user information for use in policy decisions instead of including it in the cookie. Learn more in Creating web sessions and Editing and deleting web sessions.

  • When Configuring web session management settings, select the simplest algorithms: ECDSA using P-256 Curve for the Signing Algorithm and AES 128 with CBC and HMAC SHA 256 for the Encryption Algorithm.

    This option isn’t as impactful as the other options and might not be possible depending on your environment’s security needs.

  • When Configuring admin UI SSO authentication, clear the Include id_token_hint in SLO checkbox.

    If your token provider requires the id_token_hint parameter to complete single logout (SLO), explore the other options to reduce cookie size instead.

  • When Configuring OpenID Connect token providers, clear the Track token_id checkbox.

    If you want to use the id_token attribute in an identity mapping, rule, or virtual logout resource, explore the other options to reduce cookie size instead.

  • When Configuring PingOne Advanced Identity Cloud or PingAM as the token provider, clear the Track token_id checkbox.

    If you want to use the id_token attribute in an identity mapping, rule, or virtual logout resource, explore the other options to reduce cookie size instead.