With OpenSSL the session cache is bound to the SSL context. In FileZilla Server, each control connection has its own SSL context which, including cache, gets destroyed when closing the control connection.Session IDs [...] To support session resumption via session IDs the server must maintain a cache that maps past session IDs to those sessions’ secret states. The cache itself is the main weak spot, stealing the cache contents allows to decrypt all sessions whose session IDs are contained in it.
If an attacker can read the session cache the system is already compromised. There is no reason to assume that the attacker cannot read everything else. With the cache existing only while the control connection is alive, the attacker can at that point just as well read the connection's private key from the active session without bothering the cache.
Again, the server's secret state including the ticket keyis bound to the context. If the control connection gets destroyed, the secret is lost and past tickets lose their validity. While I can't speak for all clients, FileZilla Client too forgets about its session ticket if the control connection gets closed.Session Tickets [...] The second mechanism to resume a TLS session are Session Tickets. This extension transmits the server’s secret state to the client, encrypted with a key only known to the server. That ticket key is protecting the TLS connection now and in the future and is the weak spot an attacker will target.