Platform SDK: Logon Authentication

Caching Schannel Sessions

Schannel maintains a cache of successfully established sessions. Its primary purpose is to allow an abbreviated handshake, called a reconnect, when a client and server that recently completed a full handshake establish a new connection. When a reconnect succeeds, performance improves because the RSA operations and the certificate validation code are skipped.

There is exactly one cache entry per session. Each session is established with a complete SSL/TLS handshake. There can be any number of connections (also known as contexts) associated with each session.

The Schannel cache is invisible to server applications except for the memory it consumes. Client applications must provide a unique name for each server that they connect to (such as the server's DNS name) and specify this name in the pszTargetName parameter each time they call InitializeSecurityContext while connecting to the server. This ensures that the correct cache entry is used.
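The cache semantics described above, as an added example that is not Microsoft's code and not Schannel's actual implementation: a portable C model of a session cache keyed by the name the client supplies for each server. One entry is created per full handshake, any number of connections can then attach to that entry, and a lookup by name decides between a full handshake and a reconnect. The `peer` argument is an assumption of the model, standing in for the server identity fixed by the full handshake, so that the model can show what a non-unique name does: the lookup selects an entry that belongs to a different server. In a real client the name is the pszTargetName argument passed to InitializeSecurityContext on every call made while connecting to that server.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SESSIONS 8
#define NAME_LEN 64

/* Result of a client creating a new context (connection). */
typedef enum {
    HS_FULL        = 0,   /* no entry for this name: complete handshake performed */
    HS_RECONNECT   = 1,   /* entry found: abbreviated handshake (reconnect) */
    HS_WRONG_ENTRY = -2,  /* name matched an entry established with another server */
    HS_ERROR       = -1   /* no usable target name, or cache full (model simplification) */
} handshake_kind;

/* One cache entry per session, i.e. per complete SSL/TLS handshake. */
typedef struct {
    char target[NAME_LEN];   /* unique name the client supplies for the server */
    char peer[NAME_LEN];     /* server identity fixed by the full handshake (model assumption) */
    unsigned session_id;     /* stands in for the session's negotiated secret */
    unsigned connections;    /* contexts currently associated with this session */
} session_entry;

typedef struct {
    session_entry entries[MAX_SESSIONS];
    int count;
    unsigned next_id;
} session_cache;

void cache_init(session_cache *c)
{
    memset(c, 0, sizeof *c);
    c->next_id = 1;
}

static session_entry *find_entry(session_cache *c, const char *target)
{
    for (int i = 0; i < c->count; i++)
        if (strcmp(c->entries[i].target, target) == 0)
            return &c->entries[i];
    return NULL;
}

/* Model of a client establishing a connection to `peer` while supplying
   `target` as the cache key (the role of pszTargetName in the real API). */
handshake_kind client_connect(session_cache *c, const char *target, const char *peer)
{
    if (target == NULL || target[0] == '\0')
        return HS_ERROR;                     /* nothing to select a cache entry with */

    session_entry *e = find_entry(c, target);
    if (e != NULL) {
        if (strcmp(e->peer, peer) != 0)
            return HS_WRONG_ENTRY;           /* non-unique name selected another server's session */
        e->connections++;                    /* many connections may share one session */
        return HS_RECONNECT;
    }

    if (c->count == MAX_SESSIONS)
        return HS_ERROR;                     /* the model does not evict old entries */

    e = &c->entries[c->count++];
    strncpy(e->target, target, NAME_LEN - 1); /* entry was zeroed, so it stays terminated */
    strncpy(e->peer, peer, NAME_LEN - 1);
    e->session_id = c->next_id++;
    e->connections = 1;
    return HS_FULL;
}

int cache_session_count(const session_cache *c) { return c->count; }

unsigned cache_connections_for(session_cache *c, const char *target)
{
    session_entry *e = find_entry(c, target);
    return e ? e->connections : 0;
}

int main(void)
{
    session_cache c;
    cache_init(&c);
    /* Constructed sample of one client's activity against two servers. */
    printf("first connect:   %d\n", client_connect(&c, "www.example.com", "www.example.com"));
    printf("second connect:  %d\n", client_connect(&c, "www.example.com", "www.example.com"));
    printf("other server:    %d\n", client_connect(&c, "mail.example.com", "mail.example.com"));
    printf("reused name:     %d\n", client_connect(&c, "www.example.com", "mail.example.com"));
    printf("sessions cached: %d\n", cache_session_count(&c));
    return 0;
}
```

The last `client_connect` call is the case the paragraph warns about: a client that labels two different servers with the same name gets the first server's entry back for the second, which is why the name must be unique per server and identical across every call for that server.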

Note: The pszTargetName parameter must match the subject common name in the server's certificate for Server-Gated Crypto (SGC) to work correctly.