Mac-Cookie and Logging in

RouterOS General
1

So I have been trying to dig up information about Mac-Cookies, however am coming up a little short.

The Hotspot Manual has this…
"
MAC Cookie

MAC cookie is a new hotspot feature, designed to improve accessibility for smartphones, laptops and other mobile devices.

When MAC cookie feature is enabled (login-by=mac-cookie, add-mac-cookie=yes set in user profile), following actions are taken:
first successful login. Mac cookie keeps record of username and password for the MAC address if there is only one host with such MAC. Cookie timeout is set to value equal to mac-cookie-timeout.

new host appears. Hotspot checks if there is a mac cookie record for the MAC address and logs in host using recorded username and password. If there is more than one host with the same MAC address, user will not be logged in and MAC cookie record for this address will be deleted.

When user logs out mac cookie is removed in following cases:
user-request - user clicked on logout button.
admin-reset - disconnected from radius server or user is removed from hotspot active menu
nas-request - traffic limit reached
session-timeout
"

I am Wondering under which circumstances the Mac-Cookie then actually persists - if removing a user, user logout and session timeout all remove the cookie - what other ways of disconnecting from “Active” requires a login that Mac-Cookie can Supply.

Would be very helpful to my scripting as I am currently creating a system that creates and kicks a user to assign properties that I wish for them to have, that they cannot get from regular trial settings. On PC, and most Android, this system currently works a treat, due to having to go to a real web page to “log in” and being given a regular http-cookie - however, Mac, iOS, WP7/8/8.1 and New Android take you to a “Login Page” independent of browser and not appearing to store the Http-Cookie.

Sites with a Button Click Trial is easy, it displays again and then is just clicked again - access allowed - But Event Sites and the likes, sometimes we would like to track - email addresses and such (enter e-mail, click to proceed) - so leaves people having to Double enter e-mail address when on these (once on the connected popup, and again on the web page).

Any info as to how exactly I can get Mac-Cookie to stick around, to add a Mac-Cookie, or even better to Add and “Active” User, would be awesome.

2

If you’re sending users to a remote page anyway (e.g. a web server where you collect their email), you can use the web server to generate a new account via the API protocol, and then redirect them to the hotspot, with the new username and password attached to the URL. The new user should be given to a profile where on logout, the username will be deleted.

3

Cheers boen_robot, this is 100% correct. We happened to be talking about this scenario today, strangely enough… Problem for this is I am not a web guy, and always really hated programming (scripting on RB takes up too much of my life, gaaaaarrrrrhhh… :stuck_out_tongue:) have actual got the boss to get our web guy to look into the potential - due to the fact I don’t just want a user, but some other variables that are only available via script or full radius (which is there, but another kettle of fish)

Again, input appreciated, will keep all posted to progress.

4

To anyone who is interested - I Cracked it…

Mac-Cookie Persists if “Host” is removed. Also, if “Host” is removed from Hotspot, yet the device remains connected to the Hotspot Network (via Wireless or Cable) - the Next time the Device pumps through activity on the network, the host is re-added, and the Mac-Cookie activates. In every case I have tried this so far - this happens as soon as the Host is Removed.


This has Allowed me to Do some cool things with On-Login Scripting. Am Hoping to Release info of some improvements i have made to the way that “No-External-Radius” admins Assign Data usage to guests. When i confirm a few more things I will put it up in a New Topic and Link it here

5

Hello,

I am having similar challenge to what you described in your first post on this thread. We run a hotspot service and we are trying to use Mac-Cookie login but its just not working. Also, I have similar issues with the cookie persistency criteria as described on the Wiki page, it just doesn’t make sense as there is no scenario where the cookie then works. You said you finally got it working so I want to know if it still working or not and if yes, how did you manage to do it. I have set the hotspot for mac-cookie in server profiles and also ticked “Add mac-cookie” on the user profile. However, I am never logged in automatically. Please help.

6

Sorry i didn’t reply sooner - been off the chain Busy.

Yes, it all still works well. As mentioned in the Comment above yours - if you remove the “Host” in the Hotspot (/ip hotspot host) - you will remove the Active user by default, however becaues the User was not logged out by any means - it just failed to be there any more - therefore the MAC-Cookie stays in place and the hotspot will automatically log the client back in on the next time that data is passed through - and on most devices, that is when their CNA reprobes for network connectivity
easy was is to try it. Have a hotspot, log in and remove you host - then try to put traffice through - you’ll be pleasantly suprised :slight_smile:

7

And this is the one place i forgot to add the Link to the Scrip I Created - Sorry Guys.

http://forum.mikrotik.com/t/hotspot-data-limits/90475/1

This will allow Trial access with set data limits. The Code for the Multiple HS version of the script has been in production for months now - no issues :smiley:

Good luck to all. We have now moved to a new Radius that handles this stuff server side, as boen_robot mentioned above, but hopefully this knowledge helps.

8

I want to know that why In cookies list there are 2 cookies genrating of one single user