From here, IsReferenceMode determines whether the session should be stored in the session cookie or whether the session content should be stored on the server side, using the cookie to store just a reference.
But if I implemented a custom Server-side session token caching, and set the reference mode to false, which means the session is being savedonly in a cookie in the client side, the service is still being called to save and retrieve the SecuritySession!!!!.
Isn't strange? Is the session being saved in both server and client side in this case? If yes, where is it being read from exactly?