• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Disabling Keep-Alive or force connection closing for NSURLConnection?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Disabling Keep-Alive or force connection closing for NSURLConnection?

  • Subject: Disabling Keep-Alive or force connection closing for NSURLConnection?
  • From: Timothy Wood <email@hidden>
  • Date: Thu, 16 Aug 2012 18:53:57 -0700

This has come up at least once in the archives, but there didn't seem to be a good answer. Hopefully I missed it…

The problem we are hitting is briefly outlined as:

• Perform a https-based request
• Challenge is met with credentials and request works (NSURLCredential set to per-session persistence)
• Delete the app's notion of the account, including removing the keychain entries (and removing credentials from the credential store, to no avail)
• Perform another request and it succeeds… if you do it quickly enough
• If you wait for "a while" the server or NSURLConnection closes off the established connection and the next attempt will properly re-challenge.

NSURLConnection forcing reuse of the established connection seems bad. At best this is confusing, but at worst it seems like a security/data corruption problem. Imagine you have a WebDAV server set up with different ACLs for the same resource. If the client app tries to switch from user A to user B it may accidentally be acting as user A for a few seconds longer than it intended.

NSURLConnection could listen to changes in the credential store and would kill off connections that were using now-deleted credentials. Or, NSURLConnection could provide API to flush the Keep-Alive pool. Most times we *do* want to reuse connections of course, but there needs to be an escape hatch.

Things we've tried:

• Setting the credentials to 'none' persistence: This causes every request to go through an extra 401 challenge and is bad for performance
• Use the older NSURLConnection delegate methods and try to return NO from -connectionShouldUseCredentialStorage: in the case we know we need to re-authorize. This doesn't get called when there is an established connection.
• Set a 'Connection: close' header on a request -- this is kinda too late (we want to close w/o doing a request), but is ignored anyway (other googling indicates NSURLConnection overrides this to be 'keep-alive').
• … a few other things of less savory nature that I'd not want to ship anyway

If I stop my app in the debugger right before the spot where we need to re-authenticate, I can see via 'lsof -i' that two https connections are alive. Waiting a few seconds for the server to kill them off forces the re-authentication to happen.

Logged as radar://11975686

Thanks!

-tim

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Prev by Date: Re: Not getting all the data over the cell network
  • Next by Date: Re: Not getting all the data over the cell network
  • Previous by thread: Re: Not getting all the data over the cell network
  • Next by thread: C++ class declaration in NKE
  • Index(es):
    • Date
    • Thread