Protocols (Was: HTTP)
John H. Robinson, IV
jhriv at ucsd.edu
Mon Dec 9 12:00:42 PST 2002
John H. Robinson, IV wrote:
> Bob La Quey wrote:
> >
> > Persistent connection is fine and useful. Keep alive provides
> > it. What really is your problem?
>
> does it, really?
i tested. no, really, it does not.
--script 1--
POST /index.pl/home HTTP/1.1
Host: www.kernel-panic.org
Connection: keep-alive
Referer: http://www.kernel-panic.org/index.pl/home
Content-type: application/x-www-form-urlencoded
Content-length: 42
op=login&username=kalive&identifier=kalive
--script 1--
--script 2--
GET http://www.kernel-panic.org/index.pl/quick_calendar HTTP/1.1
Host: www.kernel-panic.org
Connection: keep-alive
Referer: http://www.kernel-panic.org/index.pl/home
--script 2--
what to do:
telnet or netcat to port 80 on the www.kernel-panic.org server.
type in script 1 verbatim. the server will then spew out a webpage.
please notice the following blurb:
Logged in as: <a href="/index.pl/home?op=displayAccount">kalive</a>
then type in, verbatim, script 2. the server will then spew out another
webpage (we are simulating clicking on a link). please notice the
following blurb:
Logged in as: <a href="/index.pl/quick_calendar?op=displayAccount">Visitor</a>
the astute will notice that the server at first spewed out a cookie,
that we conveniently ignored. why? because the excercise was to get AWAY
from the KLUDGE that is a COOKIE.
suffice to say: http has no idea of persistent connections.
http is insufficient for application front ends that need to be aware of
state (read: anything that requires authentication)
'nuff said.
-john
More information about the KPLUG-List
mailing list