Connections when downloading web pages.

O

osfwofujro

When I connect to a webpage the page downloads on to my computer. When
the page has finished downloading, am I correct in thinking that the
connection between me and the web server terminates?

And then if I click on another link in the same site or refresh the
page, then I reconnect from scratch again? And that the webpage knows
who I am (say if it's webmail) because of the cookie?

IOW, once the page has downloaded, the link between me and the website
is over - until I request another page/graphic/text on that site?

Thanks.
 
B

Benjamin Niemann

osfwofujro said:
When I connect to a webpage the page downloads on to my computer. When
the page has finished downloading, am I correct in thinking that the
connection between me and the web server terminates?

Not necessarily. HTTP/1.1 knows 'keep-alive': if both sides (client and
server, and perhaps proxies inbetween) support it, the connection will be
kept open and be reused for more request. This can significantly improve
page loading times (e.g. with lots of graphics), because the TCP handshake
to initiate a connection does not have to be performed for every
document/media object.
And then if I click on another link in the same site or refresh the
page, then I reconnect from scratch again?

Only if your at least one of the parties involved (client, server, proxies)
does not support keep-alive or all connection have been closed after a
certain timeout.
And that the webpage knows
who I am (say if it's webmail) because of the cookie?

That is just one of several possibilities. Others are session IDs in the
query part of the URL (...?SID=3487387...), the referer header, your IP
address or the ETag header could be abused for this. The latter three are
all too fragile to be used e.g. for session management as it's used for a
webmail application. Cookies or query strings are commonly used for this.
IOW, once the page has downloaded, the link between me and the website
is over - until I request another page/graphic/text on that site?

see above
 
O

osfwofujro

Benjamin said:
osfwofujro wrote:




Not necessarily. HTTP/1.1 knows 'keep-alive': if both sides (client and
server, and perhaps proxies inbetween) support it, the connection will be
kept open and be reused for more request. This can significantly improve
page loading times (e.g. with lots of graphics), because the TCP handshake
to initiate a connection does not have to be performed for every
document/media object.
Thanks. Is there a way to find out if the webpage uses keep-alive? Say
by looking in the source?
 
O

osfwofujro

Benjamin said:
osfwofujro wrote:




Not necessarily. HTTP/1.1 knows 'keep-alive': if both sides (client and
server, and perhaps proxies inbetween) support it, the connection will be
kept open and be reused for more request. This can significantly improve
page loading times (e.g. with lots of graphics), because the TCP handshake
to initiate a connection does not have to be performed for every
document/media object.
What would happen if you connected to the site via a proxy or series of
proxies, so the site did not get your real IP; but then you closed the
proxies and changed the settings to direct connection, so your IP was
obvious, but did not click on any new pages for the particular site?
Could that site get your IP via this keep alive concept or would that
fact that the closing of the proies changes the method of connecting to
the site, mean this would not be the case? Thanks.
 
O

osfwofujro

osfwofujro said:
What would happen if you connected to the site via a proxy or series
of proxies, so the site did not get your real IP; but then you closed
the proxies and changed the settings to direct connection, so your IP
was obvious, but did not click on any new pages for the particular
site? Could that site get your IP via this keep alive concept or
would that fact that the closing of the proies changes the method of
connecting to the site, mean this would not be the case? Thanks.
IOW, to be more succint about this, does cancelling the proxy/ies mean
the keep alive connection is broken?
 
B

Benjamin Niemann

osfwofujro said:
IOW, to be more succint about this, does cancelling the proxy/ies mean
the keep alive connection is broken?

Correct. Or simply configure your useragent not to use keep-alive (if it
does support it at all).

But why do you want to know this at all?
If you are interested in the technical details, read the RFC2616
<http://www.faqs.org/rfcs/rfc2616.html>. Some basics about TCP/IP might
also help.
If you are concerned about your privacy: I never heard of someone using
keep-alive as a way to track users (which does not imply anything ;) - at
least someone has spent some (not really much) thoughts on this:
<http://www.arctic.org/~dean/tracking-without-cookies.html>.
 
O

osfwofujro

Benjamin said:
osfwofujro wrote:




Correct. Or simply configure your useragent not to use keep-alive (if it
does support it at all).

But why do you want to know this at all?
If you are interested in the technical details, read the RFC2616
<http://www.faqs.org/rfcs/rfc2616.html>. Some basics about TCP/IP might
also help.
If you are concerned about your privacy: I never heard of someone using
keep-alive as a way to track users (which does not imply anything ;) - at
least someone has spent some (not really much) thoughts on this:
<http://www.arctic.org/~dean/tracking-without-cookies.html>.
Yes, my issue was as followed: I used proxies to connect to a site, thus
hiding my IP. Without noticing, since I was using Firefox, one of the
windows (open in a new window) was still open when I closed the proxy
program and changed the browser to "directly connect". I did not
connect the the site again, but simply closed the browser window for
that site. I was wondering, since there was no connection to the site,
and the site does not automatically refresh, if the site could grab my
IP. I had not heard of the keep alive technique, but it would appear,
that because the specific connection was broken when the proxy chain was
closed, that the site could not have grabbed my IP. I take it this is
correct and thank you, once again, for your informative responses.

Incidenatlly, in FF options I can not see an option not to use keep
alive technique.
 
B

Benjamin Niemann

osfwofujro said:
Yes, my issue was as followed: I used proxies to connect to a site, thus
hiding my IP. Without noticing, since I was using Firefox, one of the
windows (open in a new window) was still open when I closed the proxy
program and changed the browser to "directly connect". I did not
connect the the site again, but simply closed the browser window for
that site. I was wondering, since there was no connection to the site,
and the site does not automatically refresh, if the site could grab my
IP. I had not heard of the keep alive technique, but it would appear,
that because the specific connection was broken when the proxy chain was
closed, that the site could not have grabbed my IP. I take it this is
correct and thank you, once again, for your informative responses.

You should be save for 99.999999%. There is the very small possibility that
the document in the window constantly 'pinged' the server using JavaScript
without any visual change (like refreshing). But I doubt that even the most
evil webmaster would make this effort just to catch one additional IP every
5000 years...
Incidenatlly, in FF options I can not see an option not to use keep
alive technique.

IIRC, it's hidden in the config file that you have to edit manually.
 
O

osfwofujro

Benjamin said:
osfwofujro wrote:




You should be save for 99.999999%. There is the very small possibility that
the document in the window constantly 'pinged' the server using JavaScript
without any visual change (like refreshing). But I doubt that even the most
evil webmaster would make this effort just to catch one additional IP every
5000 years...
So, IOW, if the site wanted to it could ask JS to connect to the server
to grab the IP. But, as you say, this seems extreme.

Thanks so much for your help - really appreciated.
 
O

osfwofujro

Benjamin said:
osfwofujro wrote:




You should be save for 99.999999%. There is the very small possibility that
the document in the window constantly 'pinged' the server using JavaScript
without any visual change (like refreshing). But I doubt that even the most
evil webmaster would make this effort just to catch one additional IP every
5000 years...

So, basically, even if the keep alive technique was being used, the
cancelling the proxy, would mean the keep alive was broken, and the site
could not get my IP?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,482
Members
44,901
Latest member
Noble71S45

Latest Threads

Top