Session cache

In conjunction with load balancing, the session cache improves the use of network bandwidth and the allocation and deallocation of resources, both in the HSM and on the application server. When the application asks the HSM library to close a session, the session is closed only logically: from the application's point of view it has been terminated successfully. The library, which is loaded into the address space of the application process, keeps the underlying physical session with the HSM open for a certain period. If the application then opens a new session, the library reuses that physical session, re-authenticating the user locally instead of negotiating a new connection. The saving is greatest for encrypted sessions (TLS), where a new physical session would require a full handshake. A cached physical session can only be reused for a new session of the same type (open or encrypted). If it is not reused within the timeout period, it is physically terminated.

Characteristics of the session cache:

  1. Intra-process: the cache is kept per process. Two applications on the same machine each have their own cache and do not share physical sessions;
  2. Centralized: the cache is implemented in the HSM library itself, so it is enabled at a single point and every library built on top of it inherits the functionality;
  3. Transparent: session caching is enabled by setting an environment variable. No changes to the application's source code are required.
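The following model illustrates the behaviour described above: logical close versus physical close, reuse only for a matching session type, local re-authentication on reuse, and physical termination after the idle timeout. It is an added example written for this page, not code from the HSM library; the class names, the `timeout_s` parameter, the injectable clock and the handshake/re-authentication counters are all assumptions made to keep the model runnable offline.

```python
"""Per-process model of an HSM session cache (constructed example, not vendor code)."""
import time
from dataclasses import dataclass
from itertools import count
from typing import Callable, Dict, List, Tuple

PLAIN = "open"      # unencrypted physical session
ENCRYPTED = "tls"   # TLS physical session (the expensive one to negotiate)


@dataclass
class PhysicalSession:
    """One negotiated connection to the HSM (assumed fields)."""
    sid: int
    kind: str   # PLAIN or ENCRYPTED; a cached session is reused only for the same kind
    user: str   # user currently authenticated on this physical session


class SessionCache:
    """Models the cache the HSM library keeps inside one application process."""

    def __init__(self, timeout_s: float, clock: Callable[[], float] = time.monotonic):
        self.timeout_s = timeout_s
        self.clock = clock                       # injectable so the timeout can be simulated
        self._sids = count(1)
        self._handles = count(1)
        self._idle: List[Tuple[PhysicalSession, float]] = []   # (session, time of logical close)
        self._active: Dict[int, PhysicalSession] = {}          # logical handle -> physical session
        self.handshakes = 0           # full negotiations performed (the cost the cache avoids)
        self.local_reauths = 0        # reuses that only re-authenticated the user locally
        self.terminated: List[int] = []   # sids physically closed because the timeout elapsed

    def _expire_idle(self) -> None:
        """Physically terminate cached sessions that were not reused within timeout_s."""
        now = self.clock()
        kept = []
        for sess, closed_at in self._idle:
            if now - closed_at >= self.timeout_s:
                self.terminated.append(sess.sid)
            else:
                kept.append((sess, closed_at))
        self._idle = kept

    def open(self, user: str, kind: str) -> int:
        """Return a logical handle, reusing a cached physical session of the same kind if any."""
        if kind not in (PLAIN, ENCRYPTED):
            raise ValueError(f"unknown session type {kind!r}")
        self._expire_idle()
        sess = None
        for i, (cand, _) in enumerate(self._idle):
            if cand.kind == kind:            # type of the new session must match the cached one
                sess = cand
                del self._idle[i]
                sess.user = user             # local re-authentication, no new negotiation
                self.local_reauths += 1
                break
        if sess is None:                     # nothing suitable cached: negotiate a new one
            self.handshakes += 1
            sess = PhysicalSession(next(self._sids), kind, user)
        handle = next(self._handles)
        self._active[handle] = sess
        return handle

    def close(self, handle: int) -> None:
        """Logical close: the physical session goes back to the cache with a timestamp."""
        sess = self._active.pop(handle)      # KeyError if the handle is unknown or already closed
        self._idle.append((sess, self.clock()))

    def physical_id(self, handle: int) -> int:
        return self._active[handle].sid


class FakeClock:
    """Manually advanced clock so the idle timeout can be exercised deterministically."""
    def __init__(self) -> None:
        self.t = 0.0

    def __call__(self) -> float:
        return self.t

    def advance(self, seconds: float) -> None:
        self.t += seconds


def walkthrough(timeout_s: float = 5.0) -> dict:
    """Exercise reuse, type mismatch and timeout; returns the observations for checking."""
    clock = FakeClock()
    cache = SessionCache(timeout_s, clock)
    h1 = cache.open("operator", ENCRYPTED)     # first TLS session: full handshake
    sid1 = cache.physical_id(h1)
    cache.close(h1)                            # logical close only; TLS connection stays cached
    clock.advance(1.0)
    h2 = cache.open("operator", ENCRYPTED)     # within timeout, same type: reused, no handshake
    reused = cache.physical_id(h2) == sid1
    h3 = cache.open("operator", PLAIN)         # no cached PLAIN session: new handshake
    cache.close(h2)
    cache.close(h3)
    h4 = cache.open("operator", PLAIN)         # cached TLS session is skipped (type mismatch)
    plain_reused = cache.physical_id(h4) == 2
    cache.close(h4)
    clock.advance(2 * timeout_s)               # let both cached sessions exceed the timeout
    h5 = cache.open("operator", ENCRYPTED)     # expiry runs first, then a fresh negotiation
    return {
        "tls_reused": reused,
        "plain_reused": plain_reused,
        "handshakes": cache.handshakes,
        "local_reauths": cache.local_reauths,
        "terminated": list(cache.terminated),
        "new_sid": cache.physical_id(h5),
    }


if __name__ == "__main__":
    print(walkthrough())
```

Two things the walkthrough makes visible that the prose only states: a cached TLS session is never handed to a request for an open session, so a mixed workload negotiates one physical session per type rather than one overall; and the timeout is what bounds how long an idle, already authenticated connection to the HSM survives inside the process after the application believes it closed, so it should be chosen with that in mind rather than set arbitrarily high.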