[ previous ] [ next ] [ threads ]
 From:  A dot L dot M dot Buxey at lboro dot ac dot uk
 To:  Jesse Guardiani <jesse at wingnet dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] captive portal logout w/poppup blockers?
 Date:  Mon, 22 Nov 2004 10:19:39 +0000

> Captive portal is really a neat feature. However,
> in brief testing, I noticed that the poppup blocker
> in Firefox:
> a.) blocked my logout poppup
> b.) saw the logout poppup as coming from www.google.com,
>     instead of my firewall's IP.
> Perhaps this feature is already in the beta version,
> but it would be nice to have a web page URL on the
> firewall that users can be pointed to if they need
> to logout.
> And also it would be nice to have an administrative
> page where the admin can view currently auth'd users
> and log them out manually.
> And does anyone have any ideas on how to work around
> poppup blockers?

interesting. I've just checked with my browsers.... Firefox
does block the popup - as you say - but without a warning.
However, when allowed, the title says 'logout' 

yes, this is the problem with popups

The PopUp logout window simply calls  monowall:8001/ with a logout directive
ID in the submit field, you could have the somehow linked from somewhere else...
or you might be a little more evil^H^H^H^H^H^Hcrafty and make the login page 
be trapped in a frame - thus their main browser session runs in a frame underneath
a banner with the logout button..perhaps even your logo etc