- Outgoing connections are shared between clients (if there are more
- than one) and closing the client that initiated the outgoing connection
- does not affect the connection between &my-app; and the server unless
- the client's request hasn't been completed yet. If the outgoing connection
- is idle, it will not be closed until either <application>Privoxy's</application>
- or the server's timeout is reached. While it's open, the server knows
- that the system running &my-app; is still there.
+ If this option is effective, outgoing connections are shared between
+ clients (if there are more than one) and closing the client that initiated
+ the outgoing connection does no longer affect the connection between &my-app;
+ and the server unless the client's request hasn't been completed yet.
+ </para>
+ <para>
+ If the outgoing connection is idle, it will not be closed until either
+ <application>Privoxy's</application> or the server's timeout is reached.
+ While it's open, the server knows that the system running &my-app; is still
+ there.
+ </para>
+ <para>
+ If there are more than one client (maybe even belonging to multiple users),
+ they will be able to reuse each others connections. This is potentially
+ dangerous in case of authentication schemes like NTLM where only the
+ connection is authenticated, instead of requiring authentication for
+ each request.
+ </para>
+ <para>
+ If there is only a single client, and if said client can keep connections
+ alive on its own, enabling this option has next to no effect. If the client
+ doesn't support connection keep-alive, enabling this option may make sense
+ as it allows &my-app; to keep outgoing connections alive even if the client
+ itself doesn't support it.
+ </para>
+ <para>
+ This option should only be used by experienced users who
+ understand the risks and can weight them against the benefits.