Starting from version 94 Chrome block any requests to private networks from insecure public websites[1] and this new behavior interfere with the captive portal authentication flow.
An authenticated user at the end of the authentication process, request access to the internet by making a call to the local coova-chilli
instance, and this communication is no longer possible.
Device authentication occurs via a daemon, which runs on the hotspot unit and authenticates the devices after making a request to the hotspot server. The devices, and therefore the users, who have a verified authentication on the server side, are also authenticated on the hotspot unit.
After an user has been authenticated with success via one of login methods (Instagram, Facebook, LinkedIn, Email, SMS, Voucher) the captive portal creates a valid record in the database on table daemon_auths
for that user, the daemon reads that record and the authentication is done.
The daemon uses:
/aaa/auth
API to get the list of users to authenticate
The captive portal uses:
/aaa/login
: to create a login record on database (this is the record used to autheticate)
/aaa/logout
: to create a logout record on database (used to track the login worflow)
/aaa/temp
: to create a temp record on database (used to create a temporary session for Email login)
The records on the database are cleaned with a cron running every day. This is used when an user does not complete the authentication flow and the records on table remain dirty.
Proposed solutions are:
[1]https://developer.chrome.com/blog/private-network-access-update