3

While traveling and having to interact with a number of broken captive portal implementations I've overheard other passengers having usability issues with iPads, Phones, computers depending on the captive portal technology being used.

E.g. Captive portals with a pop-up window, vs ones without such a pop-up, seem to be more problematic.

  • What is the most reliable approach to implementing a captive portal "session" between one user with one device, and one user with multiple devices? Is it a cookie, or MAC that maintains the session?

It seems that some of the portals that support more than one active device per session introduce a whole new set of interoperability challenges, and therefore the best way to maintain a session is different.

1 Answer

2

It would be based on a MAC address. Basing it on a cookie would not work, as the cookie would not be presented to the access-point (etc.), but based on the DNS name of the domain they are currently viewing. It would also prevent things like email (not webmail) working.

The difficult part is how to effectively present the authorisation part of the portal, and what limitations there are in a sign-in screen (may be no cookies, no JavaScript...), and how to maintain the session. Filtering the traffic based on the MAC address is the norm, but a cookie might also be present in the sign-on page, and that can present problems because of the widely varying way that captive-portal detection is done/supported in the various devices.

This page seems very informative: http://blog.tanaza.com/blog/bid/318805/iOS-7-and-captive-portal-a-guide-to-captive-portal-requirements and so does http://blog.erratasec.com/2010/09/apples-secret-wispr-request.html#.VBismfmSzrk

So in answer to your question; some parts are fairly consistent, but the user-experience (and how to drive that experience) is ripe for some standardisation of behaviour (which is what WISPr is doing, which is a draft protocol put out by the WiFi Alliance: http://en.wikipedia.org/wiki/WISPr)

Cameron Kerr
  • 4,239
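The MAC-keyed session described in the answer above, sketched as an added example that is not part of the original post: the gateway decides per frame from the source MAC alone, so non-web traffic such as a mail client works after sign-in, and one account can hold several devices. The class and function names, the device limit, the idle timeout, the redirect-only-port-80 behaviour and the MAC addresses in the test are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

IDLE_TIMEOUT = 1800   # assumed: seconds of inactivity before a device must sign in again
MAX_DEVICES = 3       # assumed: devices allowed per account

def normalize_mac(mac: str) -> str:
    """Canonical form so 'AA-BB-..' and 'aa:bb:..' map to the same session entry."""
    digits = mac.replace(":", "").replace("-", "").replace(".", "").lower()
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

@dataclass
class PortalSessions:
    by_mac: dict = field(default_factory=dict)   # mac -> (account, last_seen)

    def expire(self, now: float) -> None:
        """Drop devices that have been idle longer than IDLE_TIMEOUT."""
        stale = [m for m, (_, seen) in self.by_mac.items() if now - seen > IDLE_TIMEOUT]
        for m in stale:
            del self.by_mac[m]

    def sign_in(self, account: str, mac: str, now: float) -> bool:
        """Called by the portal page after the user authenticates."""
        mac = normalize_mac(mac)
        self.expire(now)
        others = [m for m, (a, _) in self.by_mac.items() if a == account and m != mac]
        if len(others) >= MAX_DEVICES:
            return False                         # account already at its device limit
        self.by_mac[mac] = (account, now)
        return True

    def decide(self, src_mac: str, dst_port: int, now: float) -> str:
        """Gateway decision for one frame: no cookie is visible at this layer."""
        mac = normalize_mac(src_mac)
        self.expire(now)
        entry = self.by_mac.get(mac)
        if entry is not None:
            self.by_mac[mac] = (entry[0], now)   # refresh the idle timer
            return "forward"
        # Only plain HTTP can be answered with a redirect to the sign-in page.
        return "redirect" if dst_port == 80 else "drop"
```
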