[isf-wifidog] Possible problem with Laika

Philippe April isf_lists at philippeapril.com
Lun 7 Mar 07:22:12 EST 2005 

On Mon, Mar 07, 2005 at 01:15:39AM -0500, Benoit Grégoire wrote:
> On Sunday 06 March 2005 22:55, Philippe April wrote:
> > It's not complicated but still a little hack.
> >
> > Session cookie, or passing variables in URL.
> >
> > Now, let's imagine a scenario where the user gets forwarded to the
> > login page (with the gw_address and all in the URL), clicks 'here' to
> > create an account.
> >
> > I can either pass the address + port through that URL (GET), or put it
> > in a session cookie.
> >
> > If the user doesn't have cookies enabled, it won't work (ok, I think
> > it's required anyway for the whole thing to work).
> >
> > If the user signs-up at ilesansfil.org.
> >
> > He can be at a hotspot, or not.
> >
> > If he's not, then he should be given a 'We're sending you a validation
> > email, please validate then go to any ISF hotspot, thank you.
> >
> > If he is but went though ilesansfil.org (the user is smart, he saw
> > www.ilesansfil.org as the SSID, so thought it'd be good to go there),
> > we should detect that he's from the IP x, therefore this hotspot.
> >
> > Only thing (DB change), we'd need to store the gw_port in the BD with
> > the address (we do that already). It should be pushed by WiFiDog,
> > perhaps in the ping_thread.c.
> >
> > I think I'd go for session cookie to pass the variables since I tend to
> > try to avoid parameters passed in GET method, it's not very pretty.
> >
> > What do you think?
> 
> I think you're right that we should use server side session.  But I think you 
> are over-complicating things for the logic.  No need to figure out which ip 
> and all.  Just remember the token in the session.  If it is set, you know 
> he's at a hotspot. If not, he isn't.

I know it's silly but that's for the case when the user is in the hotspot, not logged in.

ie. person opens his laptop, goes to www.ilesansfil.org (eventually this
will be open since it'll be on the same machine as the auth server),
clicks on "sign-up".

How would we know he's from a hotspot?

Rare case, but it could happen.

Also, I played around to make session cookies last a day or so
because otherwise it'd get destroyed on closing browser, but it didn't
work on my dev auth server.

-- 
Philippe April
GnuPG: http://key.philippeapril.com/
Skype ID: mousetrap

Plus d'informations sur la liste de diffusion WiFiDog