[isf-wifidog] immediate user disconnect feature

Wichert Akkerman wichert at wiggy.net
Mon 28 Apr 13:55:22 EDT 2008


Previously acv wrote:
> 	How about protecting this callback with the auth code that protects
> the status? Also, the status could maybe add a "disconnect" button for every
> connection?

The thought had occurred to me. The reason I did not do that is that it
complicates the protocol a bit while I was not sure that is really needed.

Having given this a bit more thought I can see that this is useful: if
the auth server uses http instead of https (which I would expect to be a
common scenario) an attacker can sniff the token and log out the user
even after we have secured the status page.

I'll code the http authentication change tomorrow when I'm back at work.

Wichert.

-- 
Wichert Akkerman <wichert at wiggy.net>    It is simple to make things.
http://www.wiggy.net/                   It is hard to make things simple.

