[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kfm-devel
Subject:    Re: [PATCH] disable keep alive connections when using SSL
From:       Matthias Welwarsky <matze () stud ! fbi ! fh-darmstadt ! de>
Date:       2002-03-31 20:04:56
[Download RAW message or body]

Dawit A. wrote:

> On Sunday 31 March 2002 03:23, Matthias Welwarsky wrote:
>> Waldo Bastian wrote:
>> > I think the better solution would be to make sure that non-idempotent
>> > methods (basically everything but GET) should start a new connection.
>> > (Patch attached)
>>
>> I've attached a modified patch that also closes the connection before a
>> GET if the request carries a query.
> 
> No, this will immediately make the idea of persistent connections almost
> useless in my opnion.  How many websites today are dynamically generated ?
> Many.

This is bad luck then, and only shows that persistent connections is just 
another stupid hack to make http do things it wasn't invented for.  

> Read RFC 2616 section 9.1.1 paragraph 3.  The user cannot be
> responsible for actions (s)he did not deliberatly and knowingly take.  I
> mean if you click on a link that says go to order page and you end up with
> six packages of something without inputting any data, you cannot be
> reponsible for it.

I strongly suggest to play safe here. You could also argue that it's the 
fault of the shop application not being programmed properly, but this will 
not help joe average luser if he is billed for 6 washing machines instead 
of one :) He's not going to wave with RFC 2616 before the face of a sales 
person, is he?

regards,
        Matze

-- 
Matthias Welwarsky
Fachschaft Informatik FH Darmstadt
Email: matze@stud.fbi.fh-darmstadt.de

"all software sucks equally, but some software is more equal"
[prev in list] [next in list] [prev in thread] [next in thread]