--- title: Back-Channel Session Revocation Service description: PingFederate uses the Back-Channel Session Revocation Service to provide OAuth clients the capabilities to add sessions to the revocation list and to query the revocation status. component: pingfederate version: 13.1 page_id: pingfederate:server_clustering_guide:pf_bac_chann_sess_revoc_service canonical_url: https://docs.pingidentity.com/pingfederate/13.1/server_clustering_guide/pf_bac_chann_sess_revoc_service.html llms_txt: https://docs.pingidentity.com/pingfederate/llms.txt docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md revdate: July 5, 2022 section_ids: fifo-memory-management-scheme: FIFO memory management scheme related-links: Related links --- # Back-Channel Session Revocation Service PingFederate uses the Back-Channel Session Revocation Service to provide OAuth clients the capabilities to add sessions to the revocation list and to query the revocation status. When PingFederate is in clustered mode, the service proxy uses a group remote procedure call (RPC)-based implementation. When adding a session to its revocation list, the processing node always propagates the information to all engine nodes in the cluster. This allows you to choose whether queries are processed locally or after collecting information from other engine nodes. Processing queries locally results in faster response times for engine nodes in well-connected networks. Requiring data from other engine nodes adds a layer of protection against inconsistency among engine nodes revocation lists due to network outages. You can configure the RPC timeout and other settings in the `/pingfederate/server/default/conf/cluster-session-revocation.conf` file. The service proxy uses the class `org.sourceid.saml20.service.impl.grouprpc.SessionRevocationServiceGroupRpcImpl`. You can store Session Revocation Service data in a Redis cache, which will retain the data during upgrades or in case of a cluster restart. Learn more in [Storing PingFederate data with Redis](../administrators_reference_guide/pf_storing_pf_data_redis.html). ## FIFO memory management scheme To ensure the revocation list does not result in excessive memory usage, the Back-Channel Session Revocation Service employs a First-In, First-Out (FIFO) algorithm to purge old data. When the maximum size is reached, the oldest entries are automatically removed. The maximum number of sessions is configurable by the `SessionRevocationServiceMapImpl.max.revoked.sris` setting in the `/pingfederate/server/default/conf/size-limits.conf` file. The default value is `50000`. The FIFO memory manager operates in addition to the **Session Revocation Lifetime** setting, which is globally configured in the **Authentication > Sessions** menu. ## Related links * [Back-Channel Session Revocation](../administrators_reference_guide/pf_backchannel_sess_revocat.html) * [Session Revocation API endpoint](../developers_reference_guide/pf_session_revocation_api_endpoint.html) * [Runtime state-management architectures](pf_runtime_state_manage_achitec.html) * [Configuring authorization server settings](../administrators_reference_guide/help_authorizationserversettingstasklet_oauthauthorizationserversettingsstate.html)