
Persistent Connection and Non Persistent


Last updated 1 year ago

Interview question:

What is the difference between a persistent connection and a non-persistent connection?

HTTP Keep-Alive

HTTP uses a request-response model: the client sends a request, and the server then responds.

Since HTTP is implemented based on the TCP transport protocol, the client and server need to establish a TCP connection before HTTP communication can occur. Then, the client sends an HTTP request, and once the server receives it, it returns a response. This completes the "request-response" pattern, after which the TCP connection is released.

If each request had to go through this process:

establish TCP -> request resources -> respond with resources -> release connection

it would be too cumbersome, as each connection could only request a resource once.

Is it possible to not disconnect the TCP connection after the first HTTP request, allowing subsequent HTTP requests to continue using this connection?

Certainly. HTTP Keep-Alive achieves this by using the same TCP connection to send and receive multiple HTTP requests/responses. This avoids the overhead of repeatedly establishing and releasing connections and is known as an HTTP persistent connection.

How to use Keep-Alive function

HTTP 1.0

In HTTP 1.0, Keep-Alive is off by default. To enable it, the browser must add the following header to the request:

Connection: Keep-Alive

When the server receives the request, it replies with the same header in its response:

Connection: Keep-Alive

By doing so, the connection is not interrupted but maintained. When the client sends another request, it uses the same connection. This continues until either the client or the server decides to terminate the connection.

HTTP 1.1

In HTTP 1.1, the browser enables Keep-Alive by default. To disable Keep-Alive, you need to add the following line to the HTTP request header:

Connection: close

HTTP Pipelining

HTTP persistent connections not only reduce the overhead of TCP connection resources but also provide a feasible foundation for HTTP pipelining technology.

HTTP pipelining allows the client to send multiple requests at once without waiting for the server's response before sending subsequent requests, which can decrease the overall response time.

For instance, if a client needs to request two resources, the traditional approach would be to send request A within the same TCP connection, wait for the server to respond, and then send request B. The HTTP pipelining mechanism, on the other hand, permits the client to issue requests A and B simultaneously.

This raises a question: if HTTP persistent connections are used and the client does not initiate any new requests after completing an HTTP request, wouldn't this continuous occupation of the TCP connection be quite wasteful of resources?

To avoid the waste of resources, web service software generally provides a keepalive_timeout parameter to specify the timeout for HTTP persistent connections.

For example, if the timeout for HTTP persistent connections is set to 60 seconds, the web service software will start a timer. If the client does not initiate any new requests within 60 seconds after completing the last HTTP request, once the timer expires, it will trigger a callback function to release the connection.
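
The Keep-Alive defaults and the idle timeout described above, as an added Python example (not code from the original page): a loopback server that applies the HTTP/1.0 and HTTP/1.1 rules, answers several requests on one TCP connection, and releases the connection once the client stays silent past the timeout. The names wants_keep_alive, serve_connection, demo and the 0.3-second IDLE_TIMEOUT are assumptions made for this illustration.

```python
import socket, threading, time

IDLE_TIMEOUT = 0.3  # seconds; constructed stand-in for a server's keepalive_timeout

def wants_keep_alive(request: bytes) -> bool:
    """HTTP/1.0 persists only on 'Connection: keep-alive'; HTTP/1.1 persists unless 'Connection: close'."""
    lines = request.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    version = lines[0].rsplit(" ", 1)[-1]
    connection = ""
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "connection":
            connection = value.strip().lower()
    return connection == "keep-alive" if version == "HTTP/1.0" else connection != "close"

def serve_connection(conn: socket.socket) -> None:
    """Answer requests on one TCP connection until asked to close or idle too long."""
    conn.settimeout(IDLE_TIMEOUT)  # the idle timer applies afresh to every recv()
    served = 0
    try:
        while True:
            data = conn.recv(4096)  # assumption: one small body-less request per recv
            if not data:
                break  # client closed the connection first
            served += 1
            keep = wants_keep_alive(data)
            body = f"request {served} on this connection".encode()
            head = (f"HTTP/1.1 200 OK\r\nContent-Length: {len(body)}\r\n"
                    f"Connection: {'keep-alive' if keep else 'close'}\r\n\r\n")
            conn.sendall(head.encode() + body)
            if not keep:
                break
    except socket.timeout:
        pass  # no new request within IDLE_TIMEOUT: release the connection
    finally:
        conn.close()

def demo():
    """Send two requests on one socket, then idle; return (bodies, closed_by_server)."""
    server = socket.create_server(("127.0.0.1", 0))  # loopback, ephemeral port
    threading.Thread(target=lambda: serve_connection(server.accept()[0]), daemon=True).start()
    client = socket.create_connection(server.getsockname(), timeout=2)
    bodies = []
    for _ in range(2):
        client.sendall(b"GET / HTTP/1.1\r\nHost: localhost\r\n\r\n")
        bodies.append(client.recv(4096).split(b"\r\n\r\n", 1)[1].decode())
    time.sleep(IDLE_TIMEOUT * 3)  # stay silent past the timeout
    closed = client.recv(4096) == b""  # an empty read means the server closed its side
    client.close(); server.close()
    return bodies, closed

if __name__ == "__main__":
    print(demo())
```

The per-connection request counter in the response body shows that both requests travelled over the same TCP connection, and the empty read after the pause shows the server releasing it.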

Author

Chen Xing