Managing Security for Public Wireless LAN Applications

You can include in a residential portal a Web page that automatically refreshes itself and provides a keepalive application that verifies the HTTP session. If the keepalive application cannot verify the HTTP session, the portal terminates the subscriber session. This feature improves security for public wireless LAN applications.

If you include this Web page in a residential portal, the following sequence of events occurs:

  1. When a subscriber logs in through the portal, the SRC software starts the keepalive application.
  2. The keepalive application creates a session key and sends it to the residential portal.
  3. The residential portal stores the session key in its corresponding HTTP session.
  4. The keepalive application sets the timeout for the subscriber session to a value greater than the refresh time.
  5. When the Web page refreshes itself, the keepalive application sends the session key to the residential portal.
  6. The portal responds as follows:
    • If the session key matches the value in the portal’s HTTP session, the portal updates the timeout for the subscriber session, creates a new session key, and sends the new key to the keepalive page.
    • If the session key does not match the value in the portal’s HTTP session, the portal terminates the subscriber session.
  7. If the Web page does not refresh itself before the timeout expires (for example, if the subscriber closes the Web browser or turns off the PC without logging out), the portal terminates the subscriber session.
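The portal-side logic of steps 2 through 7, modeled as an added Python example; it is not SRC software code and not taken from the original page. It shows the key rotating on every good refresh, a key from an earlier refresh terminating the session, and the timeout firing when no refresh arrives. Assumptions: the class and function names, the 30-second refresh and 90-second timeout, the merging of the keepalive application and portal into one class, and the timeout being checked at the next request rather than by a background timer.

```python
import hmac
import secrets

class KeepalivePortal:
    """One subscriber session as the portal sees it (hypothetical model)."""

    def __init__(self, clock, refresh_s=30, timeout_s=90):
        if timeout_s <= refresh_s:               # step 4: timeout > refresh time
            raise ValueError("timeout must exceed the refresh time")
        self.clock, self.timeout_s = clock, timeout_s
        self.key, self.expires_at, self.active = None, 0.0, False

    def login(self):
        """Steps 1-4: store the first session key and arm the timeout."""
        self.key = secrets.token_urlsafe(32)
        self.expires_at = self.clock() + self.timeout_s
        self.active = True
        return self.key

    def refresh(self, presented_key):
        """Steps 5-7: return the next key, or None once the session is terminated."""
        if not self.active or self.clock() >= self.expires_at:   # step 7
            return self._terminate()
        # Constant-time comparison of the presented key with the stored one.
        if not hmac.compare_digest(presented_key.encode(), self.key.encode()):
            return self._terminate()             # step 6, mismatch
        self.key = secrets.token_urlsafe(32)     # step 6, match: rotate the key
        self.expires_at = self.clock() + self.timeout_s
        return self.key

    def _terminate(self):
        self.key, self.active = None, False
        return None

def run_scenarios():
    """Constructed walk-through using a fake clock; returns the three outcomes."""
    now = [0.0]
    portal = KeepalivePortal(lambda: now[0])
    first = portal.login()
    now[0] = 30
    second = portal.refresh(first)               # normal refresh: new key issued
    rotated = second is not None and second != first
    stale_rejected = portal.refresh(first) is None and not portal.active
    idle = KeepalivePortal(lambda: now[0])
    key = idle.login()
    now[0] += 91                                 # browser closed, no refresh arrives
    timed_out = idle.refresh(key) is None and not idle.active
    return rotated, stale_rejected, timed_out
```

Because each key is valid for a single refresh, a key captured from an earlier refresh cannot extend the session; presenting it ends the session instead.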