Logon ticket caching is used to increase the speed of the logon procedure for a specific user, after that user has logged on for the first time.
The logon ticket mechanism is used to set up Single Sign-On. On SAP Web Application Server, you set up the Logon Ticket mechanism using profile parameters. Appropriate profile parameters are provided.
The logon ticket is stored in a non-persistent HTTP cookie in the user's Web browser. To prevent logon tickets from being forged, the issuing server digitally signs every ticket. This digital signature is then verified when a logon ticket is used in a logon session. Complex cryptographic operations are used to create and verify tickets. This has the disadvantage that subsequent logons with a logon ticket can take longer than the initial logon with a user name and password. To avoid possible reduction in performance when using logon tickets, logon ticket caching has now been introduced.
New and verified tickets are stored in a cache memory located in the shared memory on the SAP Web Application Server. When a user attempts to log on to SAP Web Application Server using a logon ticket, the system searches the cache memory. If the system finds a cache entry for this logon ticket, it simply reads the logon information from the cache memory and does not perform a signature check. The cache entry stays in the cache memory until the expiry date of the new or received logon ticket. Thus, cache entries cannot be used after the ticket itself has expired. The Hash procedure used to encode the cache entry ensures that the probability of anyone correctly guessing a valid cache entry during its lifetime is very low.
Logon ticket caching causes no visible changes for the user, except improved performance.
The logon ticket cache is activated by default. You can change this setting using the profile parameter login/ticketcache_off. In all SAP Web Application Server systems, the default value of this parameter is 0.
If you experience problems (for example, with the shared memory), you can switch off ticket caching by setting the profile parameter to 1 ( login/ticketcache_off=1).
Each entry in the logon ticket cache requires approximately 150 bytes of shared memory. The standard size of the cache is 1000 entries (profile parameter login/ticketcache_entries_max=1000).
You can change the size of the cache by changing the defined value of the profile parameter login/ticketcache_entries_max.
Each cache entry is identified by the client it applies to and by the coded ticket with user ID, lifetime, and signature. The lifetime of the cache entry is set to the remaining validity period of the ticket.