I have tried using websocket instead of polling still the same error exists
A handshake request is sent to the server, the server responds with a SID and other information ({"sid":"f-re6ABU3Si4pmyWADCx","upgrades":["websocket"],"pingInterval":25000,"pingTimeout":60000})
The client initiates a polling-request, including this SID: GET .../socket.io/?EIO=2&transport=polling&t=1408648886249-1&sid=f-re6ABU3Si4pmyWADCx
Instead of sending data, the server responds with 400 Bad Request: {"code":1,"message":"Session ID unknown"}
The client performs a new handshake (GET .../socket.io/?EIO=2&transport=polling&t=1408648888050-3, notice the previously received SID is omitted)
The server responds with new connection data, including a new SID: ({"sid":"DdRxn2gv6vrtZOBiAEAS","upgrades":["websocket"],"pingInterval":25000,"pingTimeout":60000}
Related
we have a front end of Angular, backend on Node.js, Apache as web server and socket.io install, when a user refreshes the browser (client) the apache gets a GET request with transport=websocket for the session ID which has been closed/disconnected, which is what it should get as the previous session was keep alive and apache will receive it when the connection closes.
The issue is that our node.js socket.io implementation is responding to the request with 200 status, now when the server responds with 101 as the session ID is already disconnected that packet out will essentially be lost in transit.
Should we be responding with 101 at all, or instead invalidate the request with 400?
From what I understand, what multiplexing means is that the client just need to create one TCP connection with the server and it can send multiple requests at the same time without having to wait for the response of one request before continuing another. So if I send 3 request at the same time, there are also 3 response streams.
And for server push, the client sends one request to the server, the server then guesses that the client needs other resources (also called promises) other than the one it requested, so it sends push promise streams hinting the client with the URL of the additional resources. The client may choose to request those additional resources or not.
My questions are:
For any response sent from the server to the client, does it have to be a request initiated first? I mean, it I created a connection to
the server, I did not send any request. Could I be getting responses
from server via server push? In multiplexing, I get same number of
responses for same number of requests. In server push, I can get
multiple responses for one request. So does there always have to be a
request first?
In server push, when a promise stream is sent by the server to the client containing the URL of the additional resources, does that mean
the server will only push the additional resources only when the
client accepts the promises?
[the server] sends push promise streams hinting the client with the URL of the additional resources. The client may choose to request those additional resources or not.
This is not correct. When the server sends to the client a PUSH_PROMISE, the server will then send the resource content associated to that pushed resource.
The only thing that the client can do is to reset the pushed stream via a RST_STREAM frame, but it may well be that the whole pushed resource is already in-flight so resetting the pushed stream has no effect: the client will receive the pushed resource bytes and may discard them if not interested.
To answer your specific questions:
Yes, a response from the server is always client-initiated. If a client does not send any request to the server, the server cannot push to the client. Even in the case of server push, the client always initiated a stream by making a request, and server pushes are always associated to that "parent" request.
The PUSH_PROMISE frame is an indication from the server to the client of what resource the server is about to push. The client does not "accept" pushes, the server forces them to the client. The only thing the client can do is to reset the stream associated with the pushed resource; as I said, the server may have already pushed the whole resource by the time it receives the RST_STREAM frame from the client.
I have written WebSocket server with token authentication where the client connects as:
socket = new WebSocket("wss://websockets", ["hub", token] )
It uses subprotocol to squeeze auth token within headers.
On the server side I intercept this header key and authorize the request which works great - the client connects ok and keeps the connection open.
When token is not supplied, connection is rejected - great!
So in the typical use case: chat application, the user logins and gets authorization token to open the connection. Once connection is opened the client sends message to the server and the server sends that message to all connected clients.
So, so far I understand that the opening connection to the server and sending message to it is secured. What happens when that message is pushed to all connected clients? I donĀ“t need to be concerned about authorization of incoming messages (to the client) since the client needs to be connected and therefore authorized to receive those messages right?
I have a Jersey client and server. And I see this behavior:
In client I post a request
In the server I see the request and start to handle it
Then out of a sudden I receive an empty response with status 504 to the client while the server still processes the request
I've set the client properties to have read and connect timeouts much higher than the time I get the empty response
After further analysis - the gateway timeout was due to a Load-Balancer between the client and the server.
Reconfiguring the timeout in the Load-Balancer solved the issue
I'm using fiddler to debug android app, I can capture the HTTP request and Http response, but I can not capture the HTTPS request/response , I already install the fiddler root certificate.
The request is :
# Result Protocol Host URL Body Caching Content-Type Process Comments Custom
119 200 HTTP Tunnel to api.find.nutspace.com:443 0
In the request inspector , I got that:
After the client received notice of the established CONNECT, it failed to send any data.
I got no response body data , the headers of the response is :
HTTP/1.1 200 Connection Established
FiddlerGateway: Direct
StartTime: 11:49:35.178
Connection: close
Can anyone know why it failed to send any data?
When this problem occurs, the typical explanation is that you failed to properly configure Android to trust Fiddler's root certificate. As a consequence, after the Connection is established, the Android application examines the certificate, notes that it is not trusted, and decides not to use the connection to send a secure request.
You haven't specified what application you're using, how you attempted to trust the certificate, and whether you can capture HTTPS traffic in the Android browser.