"Long-polling" is a polling transport that attempts to minimize both the latency of server-to-client message delivery and the processing/network resources required for the connection. In "traditional" polling, servers send and close responses to requests immediately, even when there are no events to deliver, and the worst-case latency is the polling delay between each client request. Long-polling server implementations attempt to hold each request open until there are events to deliver; the goal is to always have a pending request available for delivering events as they occur, thereby minimizing message delivery latency. Increased server load and resource starvation are addressed by using the reconnect and interval advice fields to throttle clients, which in the worst case degenerates to traditional polling behaviour.
Messages are sent to the server as the body of a POST, encoded either as "application/x-www-form-urlencoded" or as "text/json". If sent form-encoded, the Bayeux messages are sent as the "message" parameter in one of the following forms:
6.1.2 long-polling response messages
Messages are sent to the client as the unencapsulated body content of a POST response with content type "text/json" or "text/json-comment-filtered".
6.2. callback-polling
6.2.1 callback-polling request messages
Messages are sent to the server either using POST requests as per the long-polling transport, or as the 'message' URL parameter of a GET request.
6.2.2 callback-polling response messages
Messages are sent to the client as a JavaScript function call returned for script-source GET requests. The function called is determined by the 'jsonp' field of any associated request messages, or 'jsonpcallback' if not specified. The called function is passed a JSON array of Bayeux messages.
7. Security
7.1. Authentication
Bayeux may be used with:
For Bayeux authentication, no algorithm is specified for generating or validating security credentials or tokens. This version of the protocol only defines that the ext field may be used to exchange authentication challenges, credentials, and tokens, and that the advice field may be used to control multiple iterations of the exchange.
The connection negotiation mechanism may be used to negotiate authentication or to request re-authentication.
7.2. Ajax Hijacking
The Ajax hijacking vulnerability is when an attacking web site uses a script tag to execute JSON content obtained from an Ajax server. The Bayeux protocol is not vulnerable to this style of attack, as cookies are not used for authentication and a valid client ID is needed before private client data is returned. The use of POST by some transports further protects against this style of attack.
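The following is an added example, not code from the Bayeux specification or any implementation: a minimal server-side sketch of the long-polling request parsing (section 6.1), the callback-polling response format (section 6.2.2), and the client ID check that section 7.2 relies on. The client ID set, the event messages and the "402::Unknown client" error string with its "handshake" reconnect advice are constructed sample values (the reconnect value is assumed from the wider spec, not from this section).

```javascript
// Constructed server state: the only client ID this server has issued.
const knownClientIds = new Set(["client-1"]);

// Section 6.1.1: a long-polling POST body is either form-encoded, with the Bayeux
// messages in the "message" parameter, or a raw "text/json" body.
function parseLongPollingBody(contentType, body) {
  let text = body;
  if (contentType === "application/x-www-form-urlencoded") {
    text = new URLSearchParams(body).get("message");
    if (text === null) throw new Error("missing 'message' parameter");
  } else if (contentType !== "text/json") {
    throw new Error("unsupported content type: " + contentType);
  }
  const parsed = JSON.parse(text);
  return Array.isArray(parsed) ? parsed : [parsed]; // a single message is also allowed
}

// Section 7.2: private (queued) events are only released to a request that carries a
// client ID the server issued. Any other request gets an error reply and no events.
function deliver(messages, pendingEvents) {
  const replies = [];
  let authenticated = false;
  for (const m of messages) {
    if (!knownClientIds.has(m.clientId)) {
      replies.push({ channel: m.channel, successful: false, error: "402::Unknown client",
                     advice: { reconnect: "handshake" } }); // assumed advice value
    } else {
      replies.push({ channel: m.channel, clientId: m.clientId, successful: true });
      authenticated = true;
    }
  }
  // The held request is answered with the reply plus whatever events were queued.
  return authenticated ? replies.concat(pendingEvents) : replies;
}

// Section 6.2.2: the callback-polling response is a JavaScript call whose function name
// comes from the request's "jsonp" field, defaulting to "jsonpcallback". Because the
// name is reflected verbatim into executable script, only a plain identifier is accepted.
function callbackPollingResponse(requestMessages, responseMessages) {
  const withJsonp = requestMessages.find((m) => typeof m.jsonp === "string");
  const name = withJsonp ? withJsonp.jsonp : "jsonpcallback";
  if (!/^[A-Za-z_$][\w$]*$/.test(name)) throw new Error("invalid jsonp callback name");
  return name + "(" + JSON.stringify(responseMessages) + ");";
}
```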
8. Multi frame operation
Current HTTP client implementations are RECOMMENDED to allow only two connections between a client and a server. This presents a problem when multiple instances of the Bayeux client are operating in multiple tabs or windows of the same browser instance. The two-connection limit can be consumed by outstanding connect meta messages from each tab or window, and thus prevent other messages from being delivered in a timely fashion.
8.1 Server Multi frame detection