|
Posted by osfwofujro on 09/07/05 00:16
osfwofujro wrote:
> Benjamin Niemann wrote:
>
>> osfwofujro wrote:
>>
>>
>>
>>> When I connect to a webpage the page downloads on to my computer. When
>>> the page has finished downloading, am I correct in thinking that the
>>> connection between me and the web server terminates?
>>>
>>
>>
>> Not necessarily. HTTP/1.1 knows 'keep-alive': if both sides (client and
>> server, and perhaps proxies inbetween) support it, the connection
>> will be
>> kept open and be reused for more request. This can significantly improve
>> page loading times (e.g. with lots of graphics), because the TCP
>> handshake
>> to initiate a connection does not have to be performed for every
>> document/media object.
>>
>>
>>
> What would happen if you connected to the site via a proxy or series
> of proxies, so the site did not get your real IP; but then you closed
> the proxies and changed the settings to direct connection, so your IP
> was obvious, but did not click on any new pages for the particular
> site? Could that site get your IP via this keep alive concept or
> would that fact that the closing of the proies changes the method of
> connecting to the site, mean this would not be the case? Thanks.
>
IOW, to be more succint about this, does cancelling the proxy/ies mean
the keep alive connection is broken?
>>> And then if I click on another link in the same site or refresh the
>>> page, then I reconnect from scratch again?
>>>
>>
>>
>> Only if your at least one of the parties involved (client, server,
>> proxies)
>> does not support keep-alive or all connection have been closed after a
>> certain timeout.
>>
>>
>>
>>> And that the webpage knows who I am (say if it's webmail) because of
>>> the cookie?
>>>
>>
>>
>> That is just one of several possibilities. Others are session IDs in the
>> query part of the URL (...?SID=3487387...), the referer header, your IP
>> address or the ETag header could be abused for this. The latter three
>> are
>> all too fragile to be used e.g. for session management as it's used
>> for a
>> webmail application. Cookies or query strings are commonly used for
>> this.
>>
>>
>>
>>> IOW, once the page has downloaded, the link between me and the website
>>> is over - until I request another page/graphic/text on that site?
>>>
>>
>>
>> see above
>>
>>
>>
[Back to original message]
|