02-05-2021 08:44 AM
Smart Zone 100 only allows you to set the Session Timeout for the Web Authentication Service (Captive Portal) to 14400 minutes or 10 days. This is a downgrade to Zone Director which used to allow 100 day timeout. We are a school system and forcing the teachers to authenticate every 10 days is not practical. Additionally, the authentication needs to be persistent. For example, if a user travels to another site and connects to their ssid, then the authentication to the web authentication service does not hold it's setting and the user must reauthenticate even before the 10 day period is up. Would it be possible for the smart zone to hold the authentication for the period of time specified.
02-09-2021 11:31 AM
Could you confirm if you are referring Session timeout or Grace period?
Also confirm what SZ version you are comparing with ZD.
As per system design, if a client connects to any other SSID which is running from same controller, previous grace period (for the previous SSID) will be set to zero and client have to re-auth.
02-09-2021 11:37 AM
I am referring to the session timeout limit of 10 days in Smartzone 100's. We have Smart Zone 144's to be specific. We were using Zone Director 5000's and they had the capability to set this limit to 100 days.
I've extended the grace period to max to hopefully prevent the need for reauthentication if a client joins their laptop to their home wireless and then returns to work the next day.
I have been unwilling to deploy this to our users yet, as these settings make it very inconvenient for them.
02-09-2021 11:47 AM
I think you are getting confused between session timeout vs grace period.
Refer the detailed info below.
Session Timeout: Set a time limit (in minutes) after which users will be disconnected from the portal and will be required to log on again.
Grace Period: Set the time period (in minutes) during which disconnected users are allowed access to the portal without having to log on again.
Session timeout is how long the client can access the Internet via WLAN after login, and cannot be disabled.
When client logins via portal, AP gets the session start time from SCG and counts session expiration time.
AP will disconnect client and client will be required to login again if session timeout period is reached.
For Example: Client logins to portal at 9AM. Session timeout is 35 minutes. They will be disconnected at 9:35AM.
The client needs to login again after it reconnects to AP.
Grace Period information: If client disconnects from AP at 9:10AM and reconnects to WLAN after 9:11AM, they need to login again.
They do not need to login again if they reconnect to AP before the end of the (1 minute) Grace Period, or by 9:11AM.
02-09-2021 12:09 PM
Yes. I am aware of the difference between the two periods. The feature request is to make the Session timeout longer so as to not force my users to have to reauthenticate every 10 days. I'd be happy with 30 days at this point.
I've adjusted the grace period to prevent my users from having to authenticate each day. They bring their laptops home at night, so they would need to authenticate every morning if the grace period was set to less than 16 hours.
The reasoning for the request is to discourage students from joining Staff SSID's through android and apple key sharing apps. If a student was forced to authenticate to the compromised ssid they may think twice about it since they will be dealt with by the administration.