ASIHttpRequest send a weired status code of zero. Not reaching the server - asihttprequest

I use ASIHTTPRequest framework in my iPhone application to manage the HTTP communication. I followed their examples given in the project home page to send asynchronous requests. There we have to implement two callbacks, one for requestFinish and other for requestFailed.
However, 60% of the time requests sent by the iPhone ends up in the "requestFinish" callback method and gives a valid HTTP status code. But sometimes it goes to "requestFailed" callback and the status code become '0' which is confusing.
My investigations revealed that the internet connection is ok, and I am sending the request to the correct URL, however no log messages found in server log.
So why does the request gets dropped in the middle so randomly? Has anyone came across with this type of issue. Will be very helpful.
Thanks

Are you looking at the status code of the ASIHTTPRequest object? That code is simply an HTTP response code - if you didn't get a response, then that should be zero.
Instead, you want to look at the NSError object that the delegate failure callback gives you.
I would use something like:
NSLog(#"%#",[error localizedErrorDescription]);
To print out to the log what the error is. Of course, "error" is the name of the variable in the method signature - you should double-check that, I think that's what the default is.

In [ASHTTPRequest initialize], I changed
[sharedQueue setMaxConcurrentOperationCount:4]
to
[sharedQueue setMaxConcurrentOperationCount:10]
This work for me, but I don't know why.
MORE:
I found this.

As well as what phooze suggested, there is logging in ASIHTTPRequestConfig.h that you can enable, that may provide a clue as to what is happening.

Related

When to use http status and why use it?

For public rest APIs, kinda understand since it gives better info, but it is necessary ? People still need to read the doc anyways ...
For protected(auth required) rest APIs, just 200 or 404 to prevent leaking important server stats?
Ex: Say i have a API endpoint, and authentication failed or other measure cause the failure of auth, should i send 401 code or just say 404 (or any generic code) to refuse the request ?
Ex: Say i have a API endpoint, and authentication failed or other measure cause the failure of auth, should i send 401 code or just say 404 (or any generic code) to refuse the request ?
This is a very useful question, and for a private API the answer is 404. Give the caller nothing. Do not say "you were supposed to authenticate" or "your authentication was wrong" or "if you did something slightly differently, then this would have worked." For a private API, anyone connecting should know what is required. Anyone who doesn't should go away. Send then 404. Nobody is here. This is not an interesting endpoint. Stop scanning me.
For a public API, you want to help your caller as much as possible. Tell them the mistakes they've made and how they might fix the request to be acceptable. For a private API, give nothing.

API Status Page Response Codes

(This is sort of an abstract philosophical question. But I believe it has objective concrete answers.)
I'm writing an API, my API has a "status" page (like, https://status.github.com/).
If whatever logic I have in place to determine the status says everything is good my plan would be to return 200 OK, and a JSON response with more information about each service tested by my status page.
But what if my logic says the API is down? Say the database isn't responding or something.
I think I want to return 500 INTERNAL SERVER ERROR (or 503 SERVICE NOT AVAILABLE) along with a JSON response with more details.
However, is that breaking the HTTP Status Code spec? Would that confuse end users? My status page itself is working just fine in that case. So maybe it should return 200? But that would mean anyone using it would have to dig into the body looking for a specific parameter to determine the API's status vs. just checking the HTTP Status Code. (Also if my status page itself was broken, I'm fine with the end user taking that to mean the API is down since that's a pretty bad sign...)
Thoughts? Is there official protocol on how a status page should work?
https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
For me the page should return 200 unless has problems itself. Is true that is easier to check the status code of a response than parsing but using HTTP status codes to encode application informations breaks what people (and spiders) expect. If a spider passes for your page and sees a 500 or 503 will think your site has a page with problems, not that that page is ok and is signaling that the site is down.
Also, as you notice, it wont' be possible to distinguish between the service is down and the status page is down cases, with the last the only one that should send 500. Also, what if you show more than one service like the twitter status page ? Use 200.
Related: https://stackoverflow.com/a/943021/1536382 https://stackoverflow.com/a/34324179/1536382

I'm accessing a secure site with httr but I get a server error whenever it isn't the first request

As the title says the site in question is secure and I can't share my credentials but here's the outline of events.
The way the site security works is you send a POST to one url with user/pass and then it sends back a token. All requests then need to carry that token in their headers to work. I can get that to work once. On the first request after the login step I get the results I want. All subsequent requests result in a http 500 error of "Internal Server Error". Of course, in a perfect world, I could go to the server and get logs to see more verbosely what is going on. However, they aren't so accommodating on my planet so I'm left scratching my head.
Just to clarify I can send the exact same request the second time and I get the aforementioned error. So far my work around is to detach httr and then relibrary(httr) to start over. This doesn't seem like it's the best approach for this problem.
I'm guessing that the problem has to do with how httr reuses the same handle but I don't know what info is changing between the two requests.
In pseudo code let's say I do
resp<-POST('https://my.site.com/login', add_headers(.headers=c('user'='me', 'pass'='blah'))
mytoken<-content(resp)$token
qry<-POST('https://my.site.com/soap/qry', add_headers(.headers=c('token'=mytoken)),body=myxmlstring)
#qry will have status 200 and the content I expect
#If I run the same POST command again
qry2<-POST('https://my.site.com/soap/qry', add_headers(.headers=c('token'=mytoken)),body=myxmlstring)
#qry2 will be status code 500
#if I do
detach("package:httr", unload=TRUE)
library(httr)
#and then do the commands again from the top then it will work again.
Ideally, there'd be a parameter I can add to POST which will make each POST completely independent of the last. Short of that I'd be happy with something that makes more sense than detaching and reattaching the package itself.

Should a webserver ignore extra query params or return an error?

I'm implementing the logic for a RESTful web server which supports searching with a SolR like syntax. Here are some common valid requests:
"https://www.somewhere.com/fooResource/123"
"https://www.somewhere.com/fooResource/456"
"https://www.somewhere.com/fooResource?q=title:hi"
"https://www.somewhere.com/fooResource?q=title:hello&sort=foo"
My question is very generic; what should I do if I receive a request like this?
"https://www.somewhere.com/fooResource?q=title:hi&something=foo"
I received a query parameter "something" which has no meaning to me, and our search engine will ignore it. Should I
return a 4xx status code immediately
ignore it and return a 200 with results
either my be "right" depending on my use case
Many web pages just ignore stuff that they aren't expecting.
Usually the URL and parameters are a result of clicking something or running some code on a browser or web service client. These would seldom submit anything unexpected.
If there is some reason you expect someone to be fooling with your web site and submitting requests that are "hackish" in some fashion, you might want to lock them out by recognizing illegal parameters and returning some error. 4xx would be reasonable for REST service.
Read the HTTP status definitions. I would practice not returning anything with bad info. The definition of 400 is The request could not be understood by the server due to malformed syntax. The client SHOULD NOT repeat the request without modifications. and seems appropriate here, but your use case may deem otherwise.
If you IGNORE you are not giving the client any information. They may never know something is wrong.

Is it protocol abuse to report server-side errors through the HTTP status?

I noticed that ColdFusion (version 8 at least) returns the HTTP status code 500 (internal server error) when an uncaught exception occurs in a CFML page. Is this kind of behavior abusing the HTTP status codes, or is it, on the opposite, a nice behavior I should try to reproduce for my other, non-ColdFusion app?
This is a nice behavior. Especially if you are creating services. Applications consuming your end points can simply check the HTTP status to know if there is an error. Typically, you may also include some text about the error in the body.
No it's not abusing, it's a really nice thing to do. AJAX errors are also reported in the status code, description in the body.

Resources