When accessing the Captive Portal via a HTTP proxy (squid), all it takes
is for one user to enter a valid userid and password tuple to enable ALL
users to access the web. This is because Captive Portal filters on IP
address (which turns out to be the Squid proxy).
Is it possible in future releases to have a configuration option in the
Captive Portal setup to enable the Captive Portal to set a cookie to
identify users who have logged in through a proxy. If the user chooses
to disable cookies, she/he would be forced to login to the portal for
each web page visited.
For now, I have disabled the squid proxy so that Captive Portal works.
This is not a long-term solution, at some time I will be forced to
re-enable Squid and then lose the Captive Portal.