8/9/2019 WWW Part 2
Introduction to Internet Programming
HTTP
HyperText Transfer Protocol (HTTP)
It is a networking protocol for distributed, collaborative, hypermedia information systems.
HTTP is the foundation of data communication for the World Wide Web.
Its original purpose was to provide a way to publish and retrieve HTML pages.
HTTP/1.1: Version of HTTP in common use today.
HTTP is an Application Layer protocol designed within the framework of the Internet Protocol Suite.
HyperText Transfer Protocol (HTTP)
HTTP is a request/response protocol between clients and servers.
The originating client, such as a web browser, spider, or other end-user tool, is referred to as the user agent.
The destination server, which stores or creates resources such as HTML files and images, is called the origin server.
A response contains completion status information about the request and may contain any content requested by the client in its message body.
The HTTP protocol is designed to permit intermediate network elements to improve or enable communications between clients and servers.
High-traffic websites often benefit from web cache servers that deliver content on behalf of the origin server to improve response time.
HyperText Transfer Protocol (HTTP)
In between the user agent and origin server may be several intermediaries, such as proxies, gateways, and tunnels.
HTTP proxy servers at network boundaries facilitate communication when clients without a globally routable address are located in private networks by relaying the requests and responses between clients and servers.
HTTP Session
Upon receiving the request, the server sends back:
A status line, such as: HTTP/1.1 200 OK, and
A message of its own, the body of which is perhaps the requested file, an error message or some other information.
Resources to be accessed by HTTP are identified using Uniform Resource Identifiers (URIs) (or, more specifically, URLs) using the http: or https: URI schemes.
HyperText Transfer Protocol (HTTP)
A typical HTTP message has a header and a body:
Header:
Includes version, data from client/server, date, type of content (MIME) and size.
Body:
Contains the actual resource/information.
HyperText Transfer Protocol (HTTP)
Typical MIME types: htm/html, txt, jpg/jpeg, gif, png, xhtml, pdf, wmf, rm, swf, zip, rar…
According to the MIME type, the browser knows how to handle the resource.
In-built support for some applications.
Helper applications (add-ins) for non-supported types.
HTTP Request Methods
HEAD: Asks for the response identical to the one that would correspond to a GET request, but without the response body.
Useful for retrieving meta-information written in response headers, without having to transport the entire content.
GET: Requests a representation of the specified resource.
By far the most common method used on the Web today.
Should not be used for operations that cause side-effects (using it for actions in web applications is a common misuse); see safe methods later.
HTTP Request Methods
POST: Submits data to be processed (e.g. from an HTML form) to the identified resource. The data is included in the body of the request.
This may result in the creation of a new resource or the updates of existing resources or both.
PUT: Uploads a representation of the specified resource.
DELETE: Deletes the specified resource.
HTTP Request Methods
TRACE: Echoes back the received request, so that a client can see what intermediate servers are adding or changing in the request.
OPTIONS: Returns the HTTP methods that the server supports.
CONNECT: Converts the request connection to a transparent TCP/IP tunnel, usually to facilitate SSL-encrypted communication (HTTPS) through an unencrypted HTTP proxy.
Request Message
The request message consists of the following:
A request line, for example GET /images/logo.png HTTP/
Response message
The response message consists of the following:
A Status-Line (for example HTTP/?, which indicates that the client's request succeeded)
Headers, such as Content-Type: text/html
An empty line
An optional message body
HTTP Safe/Unsafe Methods
Some methods (e.g. HEAD or GET) are defined as safe.
These are intended only for information retrieval and should not change the state of the server (in other words, they should not have side effects).
Unsafe methods (such as POST, PUT and DELETE) change the state of the server.
They should be displayed to the user in a special way, typically as buttons rather than links, thus making the user aware of possible obligations (such as a button that causes a financial transaction).
HTTP Safe/Unsafe Methods
Despite the required safety of GET requests, in practice, they can cause changes on the server.
For example, a Web server may use the retrieval through a simple hyperlink to initiate deletion of a database record, thus causing a change of the server's state as a side-effect of a GET request.
This is discouraged.
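Added example (not part of the original slides): the hyperlink-deletes-a-record design described above, next to a handler that keeps GET and HEAD read-only and accepts deletion only via DELETE. The handler names, URL paths and record store are hypothetical and constructed for illustration; the crawl function stands in for a spider user agent that follows every link.

```python
SAFE_METHODS = {"GET", "HEAD"}  # information retrieval only, no side effects

def new_store():
    """Constructed sample data standing in for database records."""
    return {1: "alice", 2: "bob"}

def handle_get_deletes(store, method, path):
    """Discouraged design: following a plain hyperlink deletes a record."""
    if method == "GET" and path.startswith("/delete/"):
        store.pop(int(path.rsplit("/", 1)[1]), None)
        return 200, {}, "deleted"
    return 404, {}, "not found"

def handle_by_method(store, method, path):
    """Corrected design: GET/HEAD only read; deletion needs DELETE."""
    prefix = "/records/"
    if not path.startswith(prefix) or not path[len(prefix):].isdigit():
        return 404, {}, "not found"
    rec_id = int(path[len(prefix):])
    if method in SAFE_METHODS:
        if rec_id not in store:
            return 404, {}, "not found"
        return 200, {}, "" if method == "HEAD" else store[rec_id]
    if method == "DELETE":
        found = store.pop(rec_id, None) is not None
        return (204 if found else 404), {}, ""
    # Any other method is refused and the permitted ones are advertised.
    return 405, {"Allow": "GET, HEAD, DELETE"}, "method not allowed"

def crawl(handler, store, links):
    """Simulate a spider or link prefetcher: every link is fetched with GET."""
    for link in links:
        handler(store, "GET", link)
    return store
```

With the first handler a crawl over the delete links empties the store; with the second, the same crawl leaves every record in place.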
HTTP Persistent Connections
In HTTP/0.9 and 1.0, the connection is closed after a single request/response pair.
In HTTP/1.1 a keep-alive-mechanism was introduced, where a connection could be reused for more than one request.
Such persistent connections reduce request latency perceptibly, because the client does not need to re-negotiate the TCP connection after the first request has been sent.
HTTP Persistent Connections
Version 1.1 of the protocol also introduced:
Chunked transfer encoding to allow content on persistent connections to be streamed, rather than buffered.
HTTP pipelining, which allows clients to send some types of requests before the previous response has been received, further reducing lag.
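Added example (not part of the original slides): a parser for the response layout listed on the "Response message" slide (status line, headers, empty line, optional body) that also reassembles a body sent with the chunked transfer encoding described above. Function names and the sample response are constructed for illustration; chunk sizes are validated strictly so that a malformed size is rejected instead of guessed at.

```python
HEXDIGITS = b"0123456789abcdefABCDEF"

def decode_chunked(data: bytes) -> bytes:
    """Reassemble a chunked body: <hex size>CRLF <data>CRLF ... 0 CRLF CRLF."""
    body, pos = b"", 0
    while True:
        eol = data.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("truncated chunk-size line")
        size_field = data[pos:eol].split(b";", 1)[0]  # drop chunk extensions
        # Strict check: int() alone would accept "+6", "0x6" or " 6".
        if not size_field or any(c not in HEXDIGITS for c in size_field):
            raise ValueError("invalid chunk size")
        size, start = int(size_field, 16), eol + 2
        if size == 0:
            return body  # last chunk; any trailer fields are ignored here
        chunk = data[start:start + size]
        if len(chunk) != size or data[start + size:start + size + 2] != b"\r\n":
            raise ValueError("truncated or malformed chunk")
        body += chunk
        pos = start + size + 2

def parse_response(raw: bytes):
    """Return (version, status, reason, headers, body) for one response."""
    head, sep, rest = raw.partition(b"\r\n\r\n")  # empty line ends the headers
    if not sep:
        raise ValueError("missing empty line after headers")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)  # status line: version SP code SP reason
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("malformed status line")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            raise ValueError("malformed header line")
        headers[name.lower()] = value.strip()
    if headers.get("transfer-encoding", "").lower() == "chunked":
        body = decode_chunked(rest)
    elif "content-length" in headers:
        if not headers["content-length"].isdigit():
            raise ValueError("invalid Content-Length")
        body = rest[:int(headers["content-length"])]
    else:
        body = rest  # HTTP/1.0 style: body runs until the connection closes
    reason = parts[2] if len(parts) > 2 else ""
    return parts[0], int(parts[1]), reason, headers, body

# Constructed sample response (not captured traffic).
SAMPLE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
          b"Transfer-Encoding: chunked\r\n\r\n"
          b"6\r\n<html>\r\n7\r\n</html>\r\n0\r\n\r\n")
```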
HTTP Session State
HTTP is a stateless protocol.
The advantage of a stateless protocol is that hosts do not need to retain information about users between requests.
This forces programmers to use alternative methods for maintaining users' state; e.g.
When a host would like to customise content for a user who has visited the site before.
When you want to edit/delete the current record in a database.
HTTP Session State
The common methods for solving this problem involve:
Stateless Protocols
Advantages
Resource saving: It simplifies server design because it does not need to dynamically allocate storage to deal with conversations in progress or worry about freeing it if a client dies in mid-transaction.
Disadvantages
It may be necessary to include more information in each request and this extra information will need to be interpreted by the server each time.
Most database applications require that the server remembers their state.
Secure HTTP
Secure connections are used when sensitive information needs to be exchanged.
e.g.: Credit card nos.
They provide a method for authentication of the connection and encryption of the information.
There are currently two methods of establishing a secure HTTP connection:
The https URI Scheme
This is syntactically identical to the http: scheme used for normal HTTP connections.
It signals the browser to use an added encryption layer: Secure Sockets Layer (SSL) or Transport Layer Security (TLS) connection, to protect the traffic.
It uses port 443.
HTTPS connections are often used for payment transactions on the World Wide Web and for sensitive transactions in corporate information systems.
The https URI Scheme
Since browser support for the Upgrade Header is nearly non-existent, the https URI Scheme is still the dominant method of establishing a secure HTTP connection.
The HTTP 1.1 Upgrade header
HTTP 1.1 introduced support for the Upgrade header.
In the exchange, the client begins by making a clear-text request, which is later upgraded to TLS.
Either the client or the server may request (or demand) that the connection be upgraded.