3

While traveling and having to interact with a number of broken captive portal implementations I've overheard other passengers having usability issues with iPads, Phones, computers depending on the captive portal technology being used.

E.g. Captive portals with a pop-up window, vs ones without such a pop-up, seem to be more problematic.

  • What is the most reliable approach to implementing a captive portal "session" between one user with one device, and one user with multiple devices? Is it a cookie, or MAC that maintains the session?

It seems that some of the portals that support more than one active device per session introduces a whole new set of interoperability challenges, and therefore the best way to maintain a session is different.

makerofthings7
  • 8,911
  • 34
  • 121
  • 197
  • 1
    @Closer / downvoter- yet another reason I get quickly tired of this site. What part of this question makes it seem to not be "professional"? Must I give you the corporate scenario that we're using this for? Irrelevant, and the downvoter is one of the detractors of the site. Do you work for Quora? – makerofthings7 Sep 16 '14 at 21:47
  • 1
    Yes. This is a site for _professional_ system administration, and so questions must be obviously relevant to that. – Michael Hampton Sep 16 '14 at 23:51
  • @MichaelHampton I've been in the IT Ops, Engineering industry for 20+ years. Worked at MSFT, HP, ADP and many other large orgs as a Sr. Engineer. How can this be considered a non professional question? Regardless, asking how something works, at a technical level, is pretty clear to me. The rationale and culture of this site still eludes me. – makerofthings7 Sep 17 '14 at 13:38
  • @makerofthings7 - look at the FAQ. http://serverfault.com/help/dont-ask "You should only ask practical, answerable questions based on actual problems that you face. Chatty, open-ended questions diminish the usefulness of our site and push other questions off the front page." This question could be considered iffy on that criteria. It doesn't sound like you're trying to implement one, so what problem are you facing? – mfinni Oct 14 '14 at 15:59

1 Answers1

2

It would be based on a MAC address. Basing it on a cookie would not work, as the cookie would not be presented to the access-point (etc.), but based on the DNS name of the domain they are currently viewing. It would also prevent things like email (not webmail) working.

The difficult part is how to effectively present the authorisation part of the portal, and what limitations there are in a sign-in screen (may be no cookies, no javascript....), and how to maintain the session. Filtering the traffic based on the MAC address is the norm, but a cookie might also be present in the sign-on page, and that can present problems because the the widely varying way that captive-portal detection is done/supported in the various devices.

This page seems very informative: http://blog.tanaza.com/blog/bid/318805/iOS-7-and-captive-portal-a-guide-to-captive-portal-requirements and so does http://blog.erratasec.com/2010/09/apples-secret-wispr-request.html#.VBismfmSzrk

So in answer to your question; some parts are fairly consistent, but the user-experience (and how to drive that experience) is ripe for some standardisation of behaviour (which is what WISPr is doing, which is a draft protocol put out by the WiFi Alliance: http://en.wikipedia.org/wiki/WISPr)

Cameron Kerr
  • 4,069
  • 19
  • 25