G
Guest
Summary
-------
When the server closes the connection on a socket where IE is currently
sending a HTTP POST, IE will resend the request on a new socket, but will
only send the HTTP headers and not the form-data. (Seen when POST uses
multipart/form-data.)
Description
-----------
We are sometimes experiencing strange IE behaviour when surfing on webapps
on our application servers. Recently I was lucky to capture the network
traffic at one of these incidents, and it looks like IE's handling of
server-initiated connection closing/reset is broken.
In our example I submit a web form using POST and multipart/form-data. IE
sends the request on an existing socket and the server immediately replies
with a FIN reply to close the socket. IE continues to send on the socket
so the server finally resets the connection.
IE then automatically opens a new socket and successfully resends the
request, but leaves out the form-data and only sends the headers.
This is what the original request looks like (corresponding to the POST
beginning in packet 1 below, 5 packets in total), some headers and data
left out:
=========================================================================
POST /protected/editStudy.do HTTP/1.1
Content-Type: multipart/form-data;
boundary=---------------------------7d512c1b60e04
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR
1.0.3705; .NET CLR 1.1.4322)
Content-Length: 4678
Connection: Keep-Alive
Cookie: <snip>
-----------------------------7d512c1b60e04
Content-Disposition: form-data; name="editObjectChanged"
true
-----------------------------7d512c1b60e04
<snip...>
-----------------------------7d512c1b60e04
=========================================================================
This is what the resent request looks like (corresponding to the POST
beginning in packet 19 below, 1 packet in total):
=========================================================================
POST /protected/editStudy.do HTTP/1.1
Content-Type: multipart/form-data;
boundary=---------------------------7d52262c60e04
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR
1.0.3705; .NET CLR 1.1.4322)
Content-Length: 4678
Connection: Keep-Alive
Cookie: <snip>
=========================================================================
As can be seen the form-data is not sent and after a 30 sec timeout the
server responds with a timeout error as it isn't getting the promised 4678
bytes.
The Ethereal capture from the client's network interface is seen below.
It has been split up per socket used (the socket on port 1184 is included
at the end for clarity even though it doesn't seem to be related to the
POSTing)
First POST from client socket on port 1183, server wants to close the
connection but IE keeps sending. Server finally resets the connection:
No. Time Src Dest Prot Info
1 0.000000 cli srv HTTP POST /protected/editStudy.do HTTP/1.1
(cliport 1183)
4 0.000811 srv cli TCP http > 1183 [FIN, ACK] Seq=0 Ack=890
Win=18120 Len=0
5 0.000912 cli srv TCP 1183 > http [ACK] Seq=890 Ack=1 Win=63492
Len=0
6 0.002693 cli srv HTTP Continuation (cliport 1183)
7 0.002992 cli srv HTTP Continuation (cliport 1183)
8 0.003268 srv cli TCP http > 1183 [RST] Seq=1 Ack=1630252331
Win=0 Len=0
9 0.003329 cli srv HTTP Continuation (cliport 1183)
10 0.003437 cli srv HTTP Continuation (cliport 1183)
11 0.003535 srv cli TCP http > 1183 [RST] Seq=1 Ack=1630252331
Win=0 Len=0
12 0.003836 srv cli TCP http > 1183 [RST] Seq=1 Ack=1630252331
Win=0 Len=0
13 0.003918 srv cli TCP http > 1183 [RST] Seq=1 Ack=1630252331
Win=0 Len=0
IE resends POST from client socket on port 1242, form-data is missing and
the server returns error after 30 secs:
No. Time Src Dest Prot Info
16 0.016378 cli srv TCP 1242 > http [SYN] Seq=0 Ack=0 Win=64512
Len=0 MSS=1460
17 0.016563 srv cli TCP http > 1242 [SYN, ACK] Seq=0 Ack=1 Win=5840
Len=0 MSS=1460
18 0.016679 cli srv TCP 1242 > http [ACK] Seq=1 Ack=1 Win=64512 Len=0
19 0.018473 cli srv HTTP POST /protected/editStudy.do HTTP/1.1
(cliport 1242)
20 0.018881 srv cli TCP http > 1242 [ACK] Seq=1 Ack=891 Win=7120
Len=0
21 30.549929 srv cli HTTP HTTP/1.1 500 Internal server Error (cliport
1242)
22 30.667116 cli srv TCP 1242 > http [ACK] Seq=891 Ack=141 Win=64372
Len=0
23 30.667414 srv cli HTTP Continuation (cliport 1242)
24 30.668228 cli srv TCP 1242 > http [FIN, ACK] Seq=891 Ack=583
Win=63930 Len=0
25 30.668491 srv cli TCP http > 1242 [FIN, ACK] Seq=583 Ack=892
Win=7120 Len=0
26 30.668646 cli srv TCP 1242 > http [ACK] Seq=892 Ack=584 Win=63930
Len=0
Another socket apparently open on port 1184 that gets closed by the server:
No. Time Src Dest Prot Info
2 0.000566 srv cli TCP http > 1184 [FIN, ACK] Seq=0 Ack=0
Win=17030 Len=0
3 0.000788 cli srv TCP 1184 > http [ACK] Seq=0 Ack=1 Win=64172 Len=0
14 0.005090 cli srv TCP 1184 > http [FIN, ACK] Seq=0 Ack=1
Win=64172 Len=0
15 0.005265 srv cli TCP http > 1184 [ACK] Seq=1 Ack=1 Win=17030 Len=0
I'd be greatful for any comments or clarifications from people having
insight in issues like this.
Mike Wilson
-------
When the server closes the connection on a socket where IE is currently
sending a HTTP POST, IE will resend the request on a new socket, but will
only send the HTTP headers and not the form-data. (Seen when POST uses
multipart/form-data.)
Description
-----------
We are sometimes experiencing strange IE behaviour when surfing on webapps
on our application servers. Recently I was lucky to capture the network
traffic at one of these incidents, and it looks like IE's handling of
server-initiated connection closing/reset is broken.
In our example I submit a web form using POST and multipart/form-data. IE
sends the request on an existing socket and the server immediately replies
with a FIN reply to close the socket. IE continues to send on the socket
so the server finally resets the connection.
IE then automatically opens a new socket and successfully resends the
request, but leaves out the form-data and only sends the headers.
This is what the original request looks like (corresponding to the POST
beginning in packet 1 below, 5 packets in total), some headers and data
left out:
=========================================================================
POST /protected/editStudy.do HTTP/1.1
Content-Type: multipart/form-data;
boundary=---------------------------7d512c1b60e04
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR
1.0.3705; .NET CLR 1.1.4322)
Content-Length: 4678
Connection: Keep-Alive
Cookie: <snip>
-----------------------------7d512c1b60e04
Content-Disposition: form-data; name="editObjectChanged"
true
-----------------------------7d512c1b60e04
<snip...>
-----------------------------7d512c1b60e04
=========================================================================
This is what the resent request looks like (corresponding to the POST
beginning in packet 19 below, 1 packet in total):
=========================================================================
POST /protected/editStudy.do HTTP/1.1
Content-Type: multipart/form-data;
boundary=---------------------------7d52262c60e04
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR
1.0.3705; .NET CLR 1.1.4322)
Content-Length: 4678
Connection: Keep-Alive
Cookie: <snip>
=========================================================================
As can be seen the form-data is not sent and after a 30 sec timeout the
server responds with a timeout error as it isn't getting the promised 4678
bytes.
The Ethereal capture from the client's network interface is seen below.
It has been split up per socket used (the socket on port 1184 is included
at the end for clarity even though it doesn't seem to be related to the
POSTing)
First POST from client socket on port 1183, server wants to close the
connection but IE keeps sending. Server finally resets the connection:
No. Time Src Dest Prot Info
1 0.000000 cli srv HTTP POST /protected/editStudy.do HTTP/1.1
(cliport 1183)
4 0.000811 srv cli TCP http > 1183 [FIN, ACK] Seq=0 Ack=890
Win=18120 Len=0
5 0.000912 cli srv TCP 1183 > http [ACK] Seq=890 Ack=1 Win=63492
Len=0
6 0.002693 cli srv HTTP Continuation (cliport 1183)
7 0.002992 cli srv HTTP Continuation (cliport 1183)
8 0.003268 srv cli TCP http > 1183 [RST] Seq=1 Ack=1630252331
Win=0 Len=0
9 0.003329 cli srv HTTP Continuation (cliport 1183)
10 0.003437 cli srv HTTP Continuation (cliport 1183)
11 0.003535 srv cli TCP http > 1183 [RST] Seq=1 Ack=1630252331
Win=0 Len=0
12 0.003836 srv cli TCP http > 1183 [RST] Seq=1 Ack=1630252331
Win=0 Len=0
13 0.003918 srv cli TCP http > 1183 [RST] Seq=1 Ack=1630252331
Win=0 Len=0
IE resends POST from client socket on port 1242, form-data is missing and
the server returns error after 30 secs:
No. Time Src Dest Prot Info
16 0.016378 cli srv TCP 1242 > http [SYN] Seq=0 Ack=0 Win=64512
Len=0 MSS=1460
17 0.016563 srv cli TCP http > 1242 [SYN, ACK] Seq=0 Ack=1 Win=5840
Len=0 MSS=1460
18 0.016679 cli srv TCP 1242 > http [ACK] Seq=1 Ack=1 Win=64512 Len=0
19 0.018473 cli srv HTTP POST /protected/editStudy.do HTTP/1.1
(cliport 1242)
20 0.018881 srv cli TCP http > 1242 [ACK] Seq=1 Ack=891 Win=7120
Len=0
21 30.549929 srv cli HTTP HTTP/1.1 500 Internal server Error (cliport
1242)
22 30.667116 cli srv TCP 1242 > http [ACK] Seq=891 Ack=141 Win=64372
Len=0
23 30.667414 srv cli HTTP Continuation (cliport 1242)
24 30.668228 cli srv TCP 1242 > http [FIN, ACK] Seq=891 Ack=583
Win=63930 Len=0
25 30.668491 srv cli TCP http > 1242 [FIN, ACK] Seq=583 Ack=892
Win=7120 Len=0
26 30.668646 cli srv TCP 1242 > http [ACK] Seq=892 Ack=584 Win=63930
Len=0
Another socket apparently open on port 1184 that gets closed by the server:
No. Time Src Dest Prot Info
2 0.000566 srv cli TCP http > 1184 [FIN, ACK] Seq=0 Ack=0
Win=17030 Len=0
3 0.000788 cli srv TCP 1184 > http [ACK] Seq=0 Ack=1 Win=64172 Len=0
14 0.005090 cli srv TCP 1184 > http [FIN, ACK] Seq=0 Ack=1
Win=64172 Len=0
15 0.005265 srv cli TCP http > 1184 [ACK] Seq=1 Ack=1 Win=17030 Len=0
I'd be greatful for any comments or clarifications from people having
insight in issues like this.
Mike Wilson