- From: Jeffrey Mogul <mogul@pa.dec.com>
- Date: Mon, 21 Apr 97 11:28:45 MDT
- To: http-wg@cuckoo.hpl.hp.com
John Franks <john@math.nwu.edu> writes:
I haven't been following the "100 Continue" discussion, but today I
read all the relevant sections of the spec and I must say I am
confused.
You might also want to read
http://www.ics.uci.edu/pub/ietf/http/hypermail/1997q2/0134.html
which is my attempt to explain the motivation behind the design.
Here are a few of my questions:
All questions apply to a transaction between a 1.1 origin server
and a 1.1 client.
1) Is it legal for the server to never send "100 Continue" and instead
just close the connection for requests it does not wish to grant?
Since the server can always close the connection whenever it wants,
the question is will the client hang indefinitely waiting for a "100
continue" or error message? An old version of the spec had a 5 second
pause, but now that is gone.
It's always legal for the server to close the connection at any
time (in the persistent-connection model). The problem is that it
is equally legal for the client, when it sees a premature close
without any indication of error, to simply retry the connection
and the request.
This can lead to an infinite loop, if the client really wants to
make the request, and the server really wants to reject it. A
human user would probably get bored and hit "stop" after a while,
but we have to consider the possibility of an automated client
sucking down all of the server CPU cycles.
We got rid of the 5 second pause, as I recall, because it was clear
that an arbitrary (but fixed) timeout here would be wrong in at least
some cases.
2) Is it the intent that *every* client request with a body should
send headers and then wait for a "100 coninue" or error? The spec
does not explicitly say which transactions use this "two-phase"
procedure. It only says,
"Upon receiving a method subject to these requirements from an
HTTP/1.1 (or later) client, an HTTP/1.1 (or later) server MUST either
respond with 100 (Continue) status and continue to read from the input
stream, or respond with an error status."
Which transactions are "subject to these requirements"? Is it any
request with a body? If so, the spec should say this.
I think it does say it, but badly. Clearly this part needs a rewrite
(if we don't get rid of it entirely).
3) Does a client only wait for a "100 continue" on a retry? If so
does the server always send the "100 continue" or just on retries?
If the latter how does the server know it is a retry?
My understanding is that the client initially (i.e., the first
time it sends a request-with-body to a given server) does not wait.
But once it has seen the server close the connection "prematurely"
and it retries the request, it MUST wait, at least for that request.
The spec is silent on whether it is then mandatory for the client
to use the two-phase approach for a subsequent request-with-body.
I believe that this is not mandatory from a logical standpoint
(i.e., the protocol won't deadlock) but it might be necessary
from an efficiency standpoint (i.e., there could be a lot of
retrying otherwise). But, again, I think the whole two-phase
approach is of dubious merit, given its complexity.
-Jeff
P.S.: One note on terminology: this is NOT a "two-phase commit"
(a term that has a very specific meaning). This is a "two-phase
method invocation". Maybe I should have used the term "two-step".
Received on Monday, 21 April 1997 11:41:32 UTC