> Ok, that makes more sense.  And, just to make sure I
> understand, here's the sequence of events:
> 1. IE Sends request without auth information.


> 2. Server responds with 401 after the headers are
> received.


> 3. IE continues sending whatever was in send buffer
> (up to Content-Lenght bytes) but stops when the 401
> response is received.

I cannot confirm that it stops at this point, but I think that it doesn't 

> 4. Server receives the bad data (whatever IE sent
> after the 401 response) and discards it without
> problem (up to Content-Length bytes).

I don't know what the server does with that data, but I think that it is
reasonable that they are discarded :-)

> 5. IE then pauses to ask the user for login information.

Not exactly. I tried to send more that 700KB and wait some seconds before doing
the login. In that case it has not finished to send the data and the re-send was
made with a new connection (maybe because a server timeout).
So I think that it is possible (depending on the amount of data to send) that it
can pause for login before it has finished to send the data. Then if the
connection is still alive continue to send the rest, otherwise start immediately
to re-send doing a new connection.

> 6. IE re-sends the request with valid auth
> credentials and the entire payload as normal.


> 7. Server authenticates the connection and accepts
> the request.


> Is the above accurate?  If so, then what is the
> problem?  If the server silently discards the payload
> data from the unauthorized request, then surely there
> is no problem with HttpCli, unless it is sending more
> than Content-Length data and the server is
> interpreting the extraneous data as a new request.

The problem is that when HttpCli detect the 401 (after finished to receive the
body?) it start to re-send even if it has not finished the previous one, so the
server will discard part of it, so it appear "truncated" on the head.

Bye, Maurizio.

This mail has been sent using Alpikom webmail system

To unsubscribe or change your settings for TWSocket mailing list
please goto
Visit our website at

Reply via email to