Text View
Html View
Wininet retries POST requests with a blank header
View products that this article applies to.
Important This article contains information about modifying the registry.
Before you modify the registry, make sure to back it up and make sure that you
understand how to restore the registry if a problem occurs. For information
about how to back up, restore, and edit the registry, click the following
article number to view the article in the Microsoft Knowledge Base:
256986 Description of the Microsoft Windows Registry
SYMPTOMS
Programs that use Wininet functions to post data (such as a user name or a
password) to a Web server retry the POST request with a blank header if the
Web server closes (or resets) the initial connection request.
Note A POST request has a blank header if its content length is set to 0 or
is empty.
Sometimes, this behavior prevents another reset from occurring and permits
authentication to complete. However, you may receive an HTTP 500 (Internal
server error) Web page if the Web server must have the POST data included when
Wininet retries the POST request.
For example, when you submit your user name and password to an SSL-secured
Web site by using a form on a HTTPS Web page, Microsoft Internet Explorer
may not resend this information to the Web server if the initial connection
is closed (or reset).
CAUSE
This problem occurs after you apply the 832894 security update (MS04-004) or
the 821814 hotfix.
For additional information about these software updates, click the following
article number to view the article in the Microsoft Knowledge Base:
832894 MS04-004: Cumulative security update for Internet Explorer
821814 You receive a "page cannot be displayed" error message when you post
to a site that requires authentication
The 832894 security update (MS04-004) and the 821814 hotfix change how
Wininet.dll retries POST requests with a blank header when a Web server
resets the connection.
RESOLUTION
Update information
The following files are available for download from the Microsoft Download Center:
Download the Q831167.exe (32-bit) package now.
Download the Q831167.exe (64-bit) package now.
Release Date: February 12, 2004
For additional information about how to download Microsoft Support files,
click the following article number to view the article in the Microsoft
Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current
virus-detection software that was available on the date that the file was
posted. The file is stored on security-enhanced servers that help to prevent
any unauthorized changes to the file.
Prerequisites
To install this update, you must be running Internet Explorer 6 SP1
(version 6.00.2800.1106) on one of the following versions of Windows:
* Microsoft Windows XP Service Pack 1
* Microsoft Windows XP 64-Bit Edition, Service Pack 1
* Microsoft Windows XP
* Microsoft Windows 2000 Service Pack 2, Service Pack 3, Service Pack 4
* Microsoft Windows NT Workstation, Server, and Terminal Server Edition 4.0 Service Pack 6a
* Microsoft Windows 98
* Microsoft Windows 98 SE
* Microsoft Windows Millennium Edition
Restart requirement
You must restart your computer after you apply this update.
Update replacement information
This update replaces 821814.
File information
The English version of this update has the file attributes (or later) that
are listed in the following table. The dates and times for these files are
listed in coordinated universal time (UTC). When you view the file information,
it is converted to local time. To find the difference between UTC and local
time, use the Time Zone tab in the Date and Time tool in Control Panel.
Date Time Version Size File name Platform
-------------------------------------------------------------------
06-Feb-2004 18:05 6.0.2800.1405 588,288 Wininet.dll
07-Feb-2004 01:41 6.0.2800.1405 1,796,608 Wininet.dll IA-64
WORKAROUND
If you cannot apply the update that is discussed in the Resolution section,
you can use one of the following server-side actions to work around the problem:
* Increase the HTTP keep-alive timeout interval on the Web server or the
proxy server. There is no setting in Microsoft Internet Information
Services (IIS) to control the keep-alive timeout other than the Windows
registry KeepAliveTime value. However, some Web servers and some proxy
servers could allow you to specify a connection expiration time. If the
Web server or the proxy server allows you to change this value, increase
the keep-alive timeout interval. See your Web server documentation for the
correct setting name and value. For additional information about the
Windows KeepAliveInterval and the Windows KeepAliveTime parameters, click
the following article numbers to view the articles in the Microsoft Knowledge
Base:
314053 TCP/IP and NBT Configuration Parameters for Windows XP
120642 TCP/IP and NBT Configuration Parameters for Windows 2000 or Windows NT
* Disable the HTTP "keep alive connections" on the server. For additional
information, click the following article number to view the article in the
Microsoft Knowledge Base:
238210 HTTP Keep-Alive Header Sent Whenever ASP Buffering is Enabled
STATUS
Microsoft has confirmed that this is a problem in Microsoft Internet Explorer 6.
MORE INFORMATION
Warning If you use Registry Editor incorrectly, you may cause serious problems
that may require you to reinstall your operating system. Microsoft cannot
guarantee that you can solve problems that result from using Registry Editor
incorrectly. Use Registry Editor at your own risk.
After you apply the 831167 software update that is described in this article,
programs that use Wininet functions to post data to a Web server will resend
complete POST requests when a connection with a Web server is reset.
To enable header-only post behavior, create a DWORD value named SampleApp.exe,
where SampleApp is the name of the executable file that runs the program. Set
the DWORD value's value data to 1 in one of the following registry keys:
* For all users of the program, set the value in the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\Retry_HeaderOnlyPOST_OnConnectionReset
* For the current user of the program only, set the value in the following registry key:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\FeatureControl\Retry_HeaderOnlyPOST_OnConnectionReset
For example, to enable header-only post behavior in Internet Explorer and
Windows Explorer, create DWORD values for iexplore.exe and explore.exe in one
of these registry keys, and set their value data to 1.
Note To enable header-only post behavior for all programs that use Wininet
functions to post data to a Web server, create a DWORD value named * to the
same registry key, and set the value's value data to 1.
The information in this article applies to:
* Microsoft Internet Explorer 6.0