Server-side sessions
Server-side sessions reside in a database internal to PingOne Advanced Identity Cloud called the Core Token Service (CTS) token store.
When you configure PingOne Advanced Identity Cloud to use server-side sessions, PingOne Advanced Identity Cloud sends session references to clients. The references do not contain any of the session state information. PingOne Advanced Identity Cloud can modify sessions during their lifetime without changing clients' references to the session.
Server-side authentication sessions
PingOne Advanced Identity Cloud uses authentication sessions to manage authentication journeys before a user has authenticated successfully.
During authentication, the authentication session reference is returned to the
client after each call to the authenticate
endpoint and stored in the authId
object of the JSON response.
PingOne Advanced Identity Cloud maintains the authentication session in the CTS token store. After the authentication flow has completed, if the realm to which the user has authenticated is configured for client-side sessions, PingOne Advanced Identity Cloud returns the session state to the client and deletes the server-side session.
Server-side session tokens
After the user has successfully authenticated, PingOne Advanced Identity Cloud returns a session reference, which is known as an SSO token.
For browser clients, PingOne Advanced Identity Cloud sets a cookie in the browser that contains the session reference.
For REST clients, PingOne Advanced Identity Cloud returns the session reference in response to calls
to the authentication
endpoint.
Server-side sessions and in-memory caching
Server-side sessions can be cached in memory. When a session that is being requested is cached, session retrieval is nearly instantaneous.
PingOne Advanced Identity Cloud automatically caches server-side sessions after retrieving them from the CTS token store. No configuration is required to enable server-side session caching.