Potential for high memory consumption by negative caching

Currently negative caching uses in-process memory. This might be abused and lead to out of memory condition (and hence DOS) if an attacker starts sending random tokens for authentication at a high rate.