2011-08-09 - Re: [GRASE-Hotspot] [ grase-Bugs-3334494 ] Allow multiple simultaneouslogins with the same user account

Header Data

From: silverio <SS***s@web.de>
Message Hash: 54aeefeb0ff7f5e5f586c7e7ed5ffbbdbea23500f8f868de9d83247258458381
Message ID: <8d79386322d66ad0df9fc77648b4d8ca@ssantos.dyndns.info>
Reply To: mid:162
UTC Datetime: 2011-08-09 03:32:41 UTC
Raw Date: Tue, 09 Aug 2011 12:32:41 +0200

Raw message 

Hi Tim,

I downloaded version 3.4 and tested if the user account can be used 
twice at the same time. It was not possible, as expected; however, only 
a popup-window appeared, without an error message.

Brgds
Silvério

On Wed, 03 Aug 2011 20:25:21 +1000, SourceForge.net wrote:
> Bugs item #3334494, was opened at 2011-06-27 00:39
> Message generated for change (Comment added) made by linuxalien
> You can respond by visiting:
> 
> https://sourceforge.net/tracker/?func=detail&atid=1156988&aid=3334494&group_id=272134
>
> Please note that this message will contain a full copy of the comment 
> thread,
> including the initial issue submission, for this request,
> not just the latest update.
> Category: None
> Group: None
>>Status: Pending
> Resolution: Accepted
> Priority: 4
> Private: No
> Submitted By: Silvério Santos (pugorg)
> Assigned to: Timothy White (linuxalien)
> Summary: Allow multiple simultaneouslogins with the same user account
>
> Initial Comment:
> It is possible to login and have access from different computers
> using the same username and password. The expected behaviour should 
> be
> to use one username from only one computer and to show an error
> message to the others telling the account is already in use.
>
> 
> ----------------------------------------------------------------------
>
>>Comment By: Timothy White (linuxalien)
> Date: 2011-08-03 20:25
>
> Message:
> I've added code in for this now. Just waiting some testing (see 
> mailing
> list) to make sure it works as intended. Still need to work on stale
> session clearing. Currently, Coova Chilli (the part that handles the
> captive portal) is good at clearing stale sessions when it's 
> restarted due
> to a crash, so hopefully it's only major crashes that will cause a 
> user to
> be locked out. If for example a computer crashes so they can't 
> logout, then
> I believe Coova Chilli will log them out automatically at the 5 or 10
> minute mark.
>
> 
> ----------------------------------------------------------------------
>
> Comment By: Silvério Santos (pugorg)
> Date: 2011-07-16 00:35
>
> Message:
> I intend to use GRASE to control unpayed access to the Internet, but 
> to
> strictly allow access to one account on one computer at a time for a
> defined amount of time. For me it is necessary that every person 
> needing
> access has to fetch his own username/password combination.
> I am not much into RADIUS and I haven't had the time to look for the
> disallow multiple logins RADUIS option and all of its consequences, 
> so
> allow me to ask you this: Would a sudden (system crash with 
> successful
> reboot) or planned (e.g. for lunch) shutdown of the computer still 
> allow to
> reconnect? What if the user logs out and retries logging in on the 
> same
> machine? FYI: the way EASYHotspot did was exactly the expected, 
> although I
> am not aware of how it was achieved.
>
> 
> ----------------------------------------------------------------------
>
> Comment By: Timothy White (linuxalien)
> Date: 2011-06-29 09:52
>
> Message:
> The default behavior of CoovaChilli is to allow logins that RADIUS 
> allows.
> The default behavior of RADIUS is to allow multiple logins. It's a 
> simple
> change to prevent multiple logins, however it can bring other issues 
> to
> ensure that a user who is logged out accidently (i.e. computer 
> crashed, so
> moved onto another one) can log back in within a reasonable amount of 
> time.
> Currently stale sessions are only cleared hourly.
>
> What I'll look at doing is setting it up to limit logins based on 
> when the
> last session was active. CoovaChilli is setup (I will check) to send
> accounting data every 5 minutes, so we can assume if a session hasn't 
> been
> updated after say 6 minutes to consider it stale and allow login. 
> Then I
> need to ensure the reject message for multiple logins states that 
> they need
> to wait 5 minutes and try again (as well as checking for other 
> computers
> logged in as them). Lastly, it's a simple checkbox in the GUI to 
> enable or
> disable simultaneous logins. If we set it up to disabled by default, 
> with a
> warning that if you enable simultaneous logins that data limits and 
> time
> limits can be longer than expected if a user is logged in twice. 
> (Although,
> I do have a method for changing this during a session so that for 
> example,
> with simultaneous use the time is used up twice as fast than with 1
> session).
>
> 
> ----------------------------------------------------------------------
>
> You can respond by visiting:
> 
> https://sourceforge.net/tracker/?func=detail&atid=1156988&aid=3334494&group_id=272134

Thread