SESFASTLOGIN (JANUS DEFINE parameter): Difference between revisions
Jump to navigation
Jump to search
(Created page with "{{DISPLAYTITLE:SESFASTLOGIN}} <span class="pageSubtitle"><section begin="desc" /><section end="desc" /></span> SESFASTLOGIN is a parameter on JANUS DEFINE, which defines and...") |
(Automatically generated page update) |
||
| (15 intermediate revisions by 4 users not shown) | |||
| Line 1: | Line 1: | ||
<span class="pageSubtitle">Skip CCASTAT/external lookups on login</span> | |||
<span class="pageSubtitle"> | |||
SESFASTLOGIN is a parameter on [[JANUS DEFINE]], which defines and sets characteristics of a Janus port | <var>SESFASTLOGIN</var> is a parameter on <var>[[JANUS DEFINE]]</var>, which defines and sets characteristics of a Janus port. | ||
This parameter reduces the login security overhead for <var class="product">[[Janus Web Server]]</var> threads by causing a login performed for a continued session to be a "fast" login. A fast login does no CCASTAT lookup or external authorizer (RACF, ACF2, Top Secret) lookup for the userid. | |||
The benefits of this parameter are: | |||
<ul> | <ul> | ||
<li>It avoids the overhead of heavy external-authorizer login traffic for web threads, which do a login for every protected page requested. The overhead of CCASTAT lookup is also avoided for users in CCASTAT, but this overhead is usually relatively small. | <li>It avoids the overhead of heavy external-authorizer login traffic for web threads, which do a login for every protected page requested. The overhead of CCASTAT lookup is also avoided for users in CCASTAT, but this overhead is usually relatively small. | ||
<li>It avoids the external authorizer's logging of "last logged in" times for every page a user accesses. This presents an inaccurate picture of the time of last login, and it produces large amounts of useless external authorizer logging. | <li>It avoids the external authorizer's logging of "last logged in" times for every page a user accesses. This presents an inaccurate picture of the time of last login, and it produces large amounts of useless external authorizer logging. | ||
</ul> | </ul> | ||
The WEBLOGHOLD parameter accomplishes many of the same things as SESFASTLOGIN, but it has the drawback that an sdaemon thread is tied up for each held login. It has the advantage that there is no difference privilege-wise between an initial user URL request and a later one. | The disadvantage of setting this parameter is that access to an external-authorizer protected resource or to command privileges will only be available to the first URL request in a session. | ||
'''Note:''' This parameter has no effect unless login sessions are being maintained by <var>[[SESCOOKIE (JANUS DEFINE parameter)|SESCOOKIE]]</var> or <var>[[SSLSES (JANUS DEFINE parameter)|SSLSES]]</var>. | |||
The <var>[[WEBLOGHOLD (JANUS DEFINE parameter)|WEBLOGHOLD]]</var> parameter accomplishes many of the same things as <var>SESFASTLOGIN</var>, but it has the drawback that an sdaemon thread is tied up for each held login. It has the advantage that there is no difference privilege-wise between an initial user URL request and a later one. | |||
SESFASTLOGIN is available as of | <var>SESFASTLOGIN</var> is available as of <var class="product">Sirius Mods</var> Version 6.5 (originally in a 6.4 ZAP). | ||
The SESFASTLOGIN parameter is valid only for a | The <var>SESFASTLOGIN</var> parameter is valid only for a <var class="product">Janus Web Server</var> port. | ||
== | ==See also== | ||
<ul> | |||
<li>[[List of Janus commands]] | |||
<li>[[JANUS DEFINE#parmlist|List of JANUS DEFINE parameters]] | |||
</ul> | |||
[[Category:JANUS DEFINE parameters|SESFASTLOGIN]] | [[Category:JANUS DEFINE parameters|SESFASTLOGIN]] | ||
Latest revision as of 22:23, 16 April 2013
Skip CCASTAT/external lookups on login
SESFASTLOGIN is a parameter on JANUS DEFINE, which defines and sets characteristics of a Janus port.
This parameter reduces the login security overhead for Janus Web Server threads by causing a login performed for a continued session to be a "fast" login. A fast login does no CCASTAT lookup or external authorizer (RACF, ACF2, Top Secret) lookup for the userid.
The benefits of this parameter are:
- It avoids the overhead of heavy external-authorizer login traffic for web threads, which do a login for every protected page requested. The overhead of CCASTAT lookup is also avoided for users in CCASTAT, but this overhead is usually relatively small.
- It avoids the external authorizer's logging of "last logged in" times for every page a user accesses. This presents an inaccurate picture of the time of last login, and it produces large amounts of useless external authorizer logging.
The disadvantage of setting this parameter is that access to an external-authorizer protected resource or to command privileges will only be available to the first URL request in a session.
Note: This parameter has no effect unless login sessions are being maintained by SESCOOKIE or SSLSES.
The WEBLOGHOLD parameter accomplishes many of the same things as SESFASTLOGIN, but it has the drawback that an sdaemon thread is tied up for each held login. It has the advantage that there is no difference privilege-wise between an initial user URL request and a later one.
SESFASTLOGIN is available as of Sirius Mods Version 6.5 (originally in a 6.4 ZAP).
The SESFASTLOGIN parameter is valid only for a Janus Web Server port.