C

3 Messages

 • 

90 Points

Fri, Feb 5, 2021 4:44 PM

0

Feature Request - Allow Web Authentication service to set Session Timeout to longer than 10 days

Feature Request

Smart Zone 100 only allows you to set the Session Timeout for the Web Authentication Service (Captive Portal) to 14400 minutes or 10 days.  This is a downgrade to Zone Director which used to allow 100 day timeout.  We are a school system and forcing the teachers to authenticate every 10 days is not practical.  Additionally, the authentication needs to be persistent.  For example, if a user travels to another site and connects to their ssid, then the authentication to the web authentication service does not hold it's setting and the user must reauthenticate even before the 10 day period is up. Would it be possible for the smart zone to hold the authentication for the period of time specified.  

Official Rep

 • 

1.2K Messages

 • 

17K Points

8 m ago

Hi Cliff,

Could you confirm if you are referring Session timeout or Grace period?

Also confirm what SZ version you are comparing with ZD.

As per system design, if a client connects to any other SSID which is running from same controller, previous grace period (for the previous SSID) will be set to zero and client have to re-auth.

3 Messages

 • 

90 Points

I am referring to the session timeout limit of 10 days in Smartzone 100's.  We have Smart Zone 144's to be specific.  We were using Zone Director 5000's and they had the capability to set this limit to 100 days.  

I've extended the grace period to max to hopefully prevent the need for reauthentication if a client joins their laptop to their home wireless and then returns to work the next day.  

I have been unwilling to deploy this to our users yet, as these settings make it very inconvenient for them.  

Official Rep

 • 

1.2K Messages

 • 

17K Points

Hi Cliff,

I think you are getting confused between session timeout vs grace period.

Refer the detailed info below.

Session Timeout: Set a time limit (in minutes) after which users will be disconnected from the portal and will be required to log on again.

Grace Period: Set the time period (in minutes) during which disconnected users are allowed access to the portal without having to log on again.
 
Definition

Session timeout is how long the client can access the Internet via WLAN after login, and cannot be disabled.

When client logins via portal, AP gets the session start time from SCG and counts session expiration time.

AP will disconnect client and client will be required to login again if session timeout period is reached.

For Example: Client logins to portal at 9AM. Session timeout is 35 minutes.  They will be disconnected at 9:35AM.
The client needs to login again after it reconnects to AP.

Grace Period information: If client disconnects from AP at 9:10AM and reconnects to WLAN after 9:11AM, they need to login again.
They do not need to login again if they reconnect to AP before the end of the (1 minute) Grace Period, or by 9:11AM.

(edited)

Regards,

Syamantak Omer

Official Rep | Staff TSE | CWNA | CCNA | RASZA | RICXI

Follow me on Linkedin

3 Messages

 • 

90 Points

Yes.  I am aware of the difference between the two periods.  The feature request is to make the Session timeout longer so as to not force my users to have to reauthenticate every 10 days.  I'd be happy with 30 days at this point.  

I've adjusted the grace period to prevent my users from having to authenticate each day.  They bring their laptops home at night, so they would need to authenticate every morning if the grace period was set to less than 16 hours.  

The reasoning for the request is to discourage students from joining Staff SSID's through android and apple key sharing apps.  If a student was forced to authenticate to the compromised ssid they may think twice about it since they will be dealt with by the administration.  

2 Messages

 • 

70 Points

Just to clarify for my understanding. Let's assume the Session Timeout is maxed out to 14400 (10 days) and the Grace Period is set to 14399.

User Authenticates to portal on Monday at 8 AM and is associated for 1 hr. They then leave and do not come back until the following Monday at 8 AM. My understanding is with those values they do not need to auth again. Now that same User leaves and comes back that Friday. Do they need to re-auth at that point?

Important Announcement