Re: [m0n0wall] captive portal logout w/poppup blockers?

From:	A dot L dot M dot Buxey at lboro dot ac dot uk
To:	Jesse Guardiani <jesse at wingnet dot net>
Cc:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] captive portal logout w/poppup blockers?
Date:	Mon, 22 Nov 2004 10:19:39 +0000

Hi,

> Captive portal is really a neat feature. However,
> in brief testing, I noticed that the poppup blocker
> in Firefox:
> 
> a.) blocked my logout poppup
> b.) saw the logout poppup as coming from www.google.com,
>     instead of my firewall's IP.
> 
> Perhaps this feature is already in the beta version,
> but it would be nice to have a web page URL on the
> firewall that users can be pointed to if they need
> to logout.
> 
> And also it would be nice to have an administrative
> page where the admin can view currently auth'd users
> and log them out manually.
> 
> And does anyone have any ideas on how to work around
> poppup blockers?

interesting. I've just checked with my browsers.... Firefox
does block the popup - as you say - but without a warning.
However, when allowed, the title says 'logout' 

yes, this is the problem with popups


The PopUp logout window simply calls  monowall:8001/ with a logout directive
ID in the submit field, you could have the somehow linked from somewhere else...
or you might be a little more evil^H^H^H^H^H^Hcrafty and make the login page 
be trapped in a frame - thus their main browser session runs in a frame underneath
a banner with the logout button..perhaps even your logo etc

Alan