Bean William R wrote:
Is there a RFC that describes best behaviour of server and client in this
situation?
My guess is that the disagreement comes somewhere in RFC 2616 section 8.2.3 -
Use of the 100 (Continue) Status.
http://www.w3.org/Protocols/rfc2616/rfc2616-sec8.html
On my opinion Tomcat behaves correctly. If client doesn't send proper
credentials it is dangerous and useless to read all input data.
That was our opinion for httpd as well.
I've switched off the connection keep alive at Connector config. And now client doesn't
suffer by closing a socket. So this is a solution for "bad" .net client.
Jan.
Glad to hear!
If there is any Windows-like authentication involved, it may affect the viability or at
least the scalability of this solution. Windows authentication is relatively
resource-intensive, and requires the exchange of several messages on the same connection.
That is why it normally requires connection persistence (keepalive).
Disabling keepalive altogether may prevent Windows authentication from working at all, or
at last force multiple additional re-authentications for the same client.
That may not be important for you here, but it may come back to haunt you if you ever port
this application to a Windows-authenticated context.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
