Forum Discussion
Hamish
Cirrocumulus
Feb 05, 2013I'm not convinced it's actually poorly configured clients...
I suspect what he's seeing is poorly written servers. It's not uncommon for 'lazy' developers to have a very long running backend procedure that they expect a client to sit & spin for. I've seen 30 minutes quoted from developers as being required... Most servers (Apache, IIS etc) will actually close the connection on the HTTP idle timeout (Default is usually 5 seconds). However the HTTP idle timeout doesn't apply for a client waiting on a reply from the server... It's typically only for the CLIENT sitting idle and the SERVER waiting for a request (I must check the RFC on that one for the wording... It's the way I remember it anyway :)
I'm not sure a client is expected to do the idle timeout. or if it is, it's only a SHOULD... Not a MUST. The server on the other hand SHOULD, because otherwise it's opening itself up for a pretty easy DOS attack... Long running replies just make that a bit easier...
H