Closing ws early triggers false positive "hijacked connection" logs

[mcandre]

Trace

2017/02/07 13:38:17 http: response.WriteHeader on hijacked connection
2017/02/07 13:38:17 http: response.Write on hijacked connection

Steps to Reproduce

1. Run a net/http server with a handler upgrading to a WebSocket.
2. Launch a connection to the server, such as with github.com/raphael/wsc.
3. Launch a second connection.
4. Terminate the second connection from the client side (Control+C).
5. The server will report "hijacked connection".

• Am I likely doing something wrong?
• Do gorilla/websocket users need to do anything special to cleanly release resources, close connections, etc.?
• Is this a bug in how gorilla/websocket integrates with net/http?
• Is this a bug in net/http's default session hijacking detection?

System

Go 1.7
macOS Sierra

Am I likely doing something wrong?

The application is using the response writer after the connection was hijacked by Upgrader.Upgrade. The application cannot use the response writer after the connection is hijacked.

It is unlikely that there's a bug or false positive with net/http's hijack warning. The code is simple and is widely used.

Do gorilla/websocket users need to do anything special to cleanly release resources, close connections, etc.?

Yes, the application must close the connection.

[glerchundi]

I had the same issue some time ago and next go1.8 will resolve this issue allowing the detection of hijacked connections by doing a dummy write, take a look here golang/go#16456