That’s the normal behavior.

Captive portals on routers use http redirect. If an unauthenticated client requests a website, DNS is queried by the browser and the appropriate IP resolved as usual. The browser then sends an HTTP request to that IP address. This request, however, is intercepted by the router and forwarded to a redirect server. This redirect server responds with a regular HTTP response which contains HTTP status code 302 to redirect the client to the Captive Portal. To the client, this process is totally transparent. The client assumes that the website actually responded to the initial request and sent the redirect.

In case of https, interception is not possible, because it would break the security of the layer.

To avoid having issues and to give the best possible experience to users, OS providers like Apple and Google added a function which pops up a browser window once they detect that the open Wifi requires authentication. In this case users doesn’t have to enter anything on their browsers, as the splash page will appear automatically. iOS, OSX, Android systems are already using this method.

Did this answer your question?