Full Internet connectivity with expired voucher

nothing

PFS 2.1 64bit
I've noticed it accidentally - The client computer has full access to Internet with expired voucher:
The user exist in "Active Users" tab with session created more than 10 days ago (the voucher is 1week).
Testing the voucher says - expired?! The client is not prompted to enter voucher code - it just works. Killing the firewall states doesn't make any difference. I also have hard timeout set to 360 minutes.

I don't want to restart any service before finding the reason for this to happend - quite serious security issue.
Any suggestions where to look?

mikenl

Could you execute this command:
ps ax | grep minicron

Maybe the same problem
http://forum.pfsense.org/index.php/topic,67739.0.html

nothing

51492  ??  Is    0:00.00 /usr/local/bin/minicron 240 /var/run/ping_hosts.pid /usr/local/bin/ping_hosts.sh
51866  ??  S      0:03.81 minicron: helper /usr/local/bin/ping_hosts.sh  (minicron)
52202  ??  Is    0:00.00 /usr/local/bin/minicron 3600 /var/run/expire_accounts.pid /etc/rc.expireaccounts
52799  ??  I      0:00.24 minicron: helper /etc/rc.expireaccounts  (minicron)
52866  ??  Is    0:00.00 /usr/local/bin/minicron 86400 /var/run/update_alias_url_data.pid /etc/rc.update_alias_url_data
53096  ??  I      0:00.01 minicron: helper /etc/rc.update_alias_url_data  (minicron)

However, on the slave node I have two extra lines:

46536  ??  Is    0:00.00 /usr/local/bin/minicron 60 /var/run/cp_prunedb_cpzone.pid /etc/rc.prunecaptiveportal cpzone
46718  ??  I      0:14.54 minicron: helper /etc/rc.prunecaptiveportal cpzone (minicron)

Wonder how they have disappeared from the master node!?
As I knew it would happen - clicking Save on Captive Portal settings fixed it…
Now I should make another cron job to watch over this minicron job and send alerts if it disappears again.