| title | DBCC FLUSHAUTHCACHE (Transact-SQL) | ||||
|---|---|---|---|---|---|
| description | DBCC FLUSHAUTHCACHE empties the database authentication cache containing information about logins and firewall rules, for the current user database in Azure SQL Database. | ||||
| author | VanMSFT | ||||
| ms.author | vanto | ||||
| ms.reviewer | randolphwest | ||||
| ms.date | 12/05/2022 | ||||
| ms.service | sql | ||||
| ms.subservice | t-sql | ||||
| ms.topic | language-reference | ||||
| f1_keywords |
|
||||
| helpviewer_keywords |
|
||||
| dev_langs |
|
||||
| monikerRange | = azuresqldb-current |
[!INCLUDEAzure SQL Database]
Empties the database authentication cache containing information about logins and firewall rules, for the current user database in [!INCLUDEssSDS].
DBCC FLUSHAUTHCACHE doesn't apply to the logical master database, because the master database contains the physical storage for the information about logins and firewall rules.
The user executing the statement and other currently connected users remain connected. (DBCC FLUSHAUTHCACHE isn't currently supported for [!INCLUDEssazuresynapse-md].)
:::image type="icon" source="../../includes/media/topic-link-icon.svg" border="false"::: Transact-SQL syntax conventions
DBCC FLUSHAUTHCACHE
[;]
None.
The authentication cache makes a copy of logins and server firewall rules stored in the master database, and places them in memory in the user database. Since information about contained database users is already stored in the user database, contained database users aren't part of the authentication cache.
Continuously active connections to [!INCLUDEssSDS] require reauthorization (performed by the [!INCLUDEssDE]) at least every 10 hours. The [!INCLUDEssDE] attempts reauthorization using the originally submitted password and no user input is required. For performance reasons, when a password is reset in [!INCLUDEssSDS], the connection won't be reauthenticated, even if the connection is reset because of connection pooling. This behavior is different from the behavior of on-premises [!INCLUDEssNoVersion]. If the password has changed since the connection was initially authorized, the connection must be terminated and a new connection made using the new password.
A user with the KILL DATABASE CONNECTION permission can explicitly terminate a connection to [!INCLUDEssSDS] by using the KILL (Transact-SQL) command.
Requires the KILL DATABASE CONNECTION permission [!INCLUDEssSDS] or the admin account.
The following statement clears the authentication cache for the current database.
DBCC FLUSHAUTHCACHE;