SESFASTLOGIN (JANUS DEFINE parameter)
Skip CCASTAT/external lookups on login
SESFASTLOGIN is a parameter on JANUS DEFINE, which defines and sets characteristics of a Janus port.
This parameter reduces the login security overhead for Janus Web Server threads by causing a login performed for a continued session to be a "fast" login. A fast login does no CCASTAT lookup or external authorizer (RACF, ACF2, Top Secret) lookup for the userid.
The benefits of this parameter are:
- It avoids the overhead of heavy external-authorizer login traffic for web threads, which do a login for every protected page requested. The overhead of CCASTAT lookup is also avoided for users in CCASTAT, but this overhead is usually relatively small.
- It avoids the external authorizer's logging of "last logged in" times for every page a user accesses. This presents an inaccurate picture of the time of last login, and it produces large amounts of useless external authorizer logging.
The disadvantage of setting this parameter is that access to an external-authorizer protected resource or to command privileges will only be available to the first URL request in a session.
Note: This parameter has no effect unless login sessions are being maintained by SESCOOKIE or SSLSES.
The WEBLOGHOLD parameter accomplishes many of the same things as SESFASTLOGIN, but it has the drawback that an sdaemon thread is tied up for each held login. It has the advantage that there is no difference privilege-wise between an initial user URL request and a later one.
SESFASTLOGIN is available as of Sirius Mods Version 6.5 (originally in a 6.4 ZAP).
The SESFASTLOGIN parameter is valid only for a Janus Web Server port.