Client sticky (seamless relogin)
Upon first successful login by a user (from a specific device), the user can relogin without having to be prompted to login again, during the account validity period. This feature offers seamless user experience, particularly important for hotel guests.
mbox(config)# security hotspot <LANIF>
- client-sticky start <days> This option keeps the user session for <days> by counting from first use/start (upon first time login)
- client-sticky last <days> This option keeps the user session for <days> by counting from last use (since last logout)
- client-sticky clean This command resets all stored sticky data (therefore users all require to re-login again)
- client-sticky-vlanlist <vlan10,vlan20....> This command allows clients to roam across different vlans without having to relogin again. eg. if user already login to vlan10, when he roams into vlan20, mbox will auto login him in without user having to manually login from captive portal page again.
The sticky session data can be found in RADIUS database. "HOTSPOT USERS --> User Sessions --> Sticky Sessions"
- "client sticky" only works for on-premise deployment design, having HSG as local gateway. (for cloudx design, with HSA as local mini-hotspot gateway, we must use "portal sticky" to achieve seamless relogin).
- "client sticky" is completely seamless so there's no option to redirect user to external landing URL (marketing pages) upon seamless relogin.
- For the "client sticky", when return user gets IP address and initiates a connection across HSG (can be web or non-web connection), HSG will lookup its "MAC <---> username" mapping in the "sticky session" table, and on-behalf of user to authenticate with RADIUS before captive portal kicks in (autologin at background). So this bypasses portal login process and appear to be "seamless" to users but there's still an authentication process. RADIUS still tracks each connection/session info for analytics, and enforces the respective access policy (speed, time, and quota etc), eg. if the user account is expired, login will fail and user will be prompted back with the landing page to login again.
- Sometime when there are large amount of users connecting back to HSG (eg. after an outage of Wi-Fi network, when Wi-Fi recovers and all users are connecting back again, the autologin process may be "slower" to some users (the captive portal/splash page kicks in faster than autologin), then these users will still be prompted with portal login. To overcome this, we can use "client-sticky" in combination with "portal sticky" feature.