Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

grantm (164)

grantm
  (email not shown publicly)
http://www.mclean.net.nz/

Just a simple [cpan.org] guy, hacking Perl for fun and profit since way back in the last millenium. You may find me hanging around in the monestary [perlmonks.org].

What am I working on right now? Probably the Sprog project [sourceforge.net].

GnuPG key Fingerprint:
6CA8 2022 5006 70E9 2D66
AE3F 1AF1 A20A 4CC0 0851

Journal of grantm (164)

Friday May 21, 2004
06:14 AM

Arggghhhh IE (again)!

[ #18867 ]

So this week we launch a web site that uses SSL. Wierd problems ensue for people who are using IE 6.0 on Windows XP - a scarily common configuration.

An analysis of the symptoms seems to suggest that the browser is sending a POST with no content. Note, this is quite different from the form being submitted with no fields completed. In our case not even the field names were received although it was a post request and it did have a non-zero Content-length header.

Turns out it's a bug - introduced by a recent security patch.

It goes like this:

  1. browser sends a request over an SSL connection and uses KeepAlive to keep the connection open.
  2. while the user is typing into the form, the KeepAlive timeout expires on the server and the connection is closed.
  3. the user hits submit, which quietly fails deep in the bowels of IE since it failed to notice when the server closed the connection.
  4. Don't worry though, IE cleverly recovers from its own screwup by reopening the connection and retrying the POST. Sadly however the form contents got lost in the bowels and the retried POST arrives at the server with no body.

Do these people not do regression testing?

The thing that pisses me off the most, is that the browser is broken, but we have to implement a workaround on the server (disable KeepAlive) so it looks to all the world like we had a bug and we fixed it.

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.
  • Another solution would have been to give them a link to the knowledge base article about the bug with a brief explanation and explain that it includes a link to the critical update that is intended to fix it. This is not the best solution because it points fingers. It does, however, clearly remove any blame from your company.

  • We had the same issues with some of our users, but it was very intermittent and we could never reproduce it. I did manage to deduce that it was IE only, so we were just telling users to use another browser.

    Thanks so much for putting this in your log and putting up the link. Now we can suggest they update their computer to see if that works.

  • On a personal site you can always encourage IE users to upgrade to a better browser. It's a bit cheeky, but you can implement Dead Edwards noIE [edwards.name] css trick. I've patched mine to link to the Broswe Happy [browsehappy.com] site, as I don't mind what people use, as long as it's not IE.

    --
    -- "It's not magic, it's work..."