Issue #722 resolved

Handling bad POST retries from IE6/IE7

Christian Wyglendowski
created an issue

See [http://support.microsoft.com/kb/831167 this KB article] for the MS version of the story.

In a nutshell, if the connection is reset when IE is in the middle of a POST, it will retry the POST without confirmation, but '''without the message body.''' This causes the CP WSGI server to hand the request off to the CP WSGI application, which times out while trying to read the non-existent POST body.

Here is a diagram of the flow/state of the conversation:

{{{ Client CherryPy Server sends POST req ---> <--- Socket idle timeout (default 10 secs) (FIN)

receives FIN <---

sends ACK --->
---> Receives ACK, socket to FIN_WAIT_2

                        ---> Receives POST from above on closed socket

                        <--- sends RST

Receives RST <---

(socket is closed)

resends POST headers only --->
---> Receives POST headers FieldStorage object times out attempting to read non-existant message body <--- Sends 500 response

}}}

Comments (8)

  1. Christian Wyglendowski reporter

    Really, I don't know what exactly CP should do in this situation, if anything. The two MS workarounds (set keep-alive timeout to >60 secs or disable keep-alive) are sub-optimal. Really though, since it is a client-side issue, those are the only two ways you can really prevent the error on the server-side.

    Maybe the server should "fail fast" in the POST-resend-without-body situation instead of waiting to timeout, but it seems like it would be messy at best to handle something like that.

  2. Anonymous

    I'm surprised it doesn't fail anyway as I assume the second post as a content-length header of 0 which should make CP work accordingly. Christian, do you have any trace at hand?

  3. Robert Brewer

    Sylvain Hellegouarch: yes, the second POST includes a Content-Length, but doesn't send the request entity.

    The KB article now contains a patch for IE users. There's nothing we can really do to fix this problem on our end without making the server stateful.

  4. Log in to comment