8/9/2019 WWW Part 2

1/24

Introduction to Internet

Programming

HTTP

8/9/2019 WWW Part 2

2/24

HyperText Transfer Protocol (HTTP)

It is a networking protocol for distributed,collaborative, hypermedia information systems.

HTTPis the foundation of data communication for the

orld ide eb

Its original purpose was to provide a way to publish

and retrieve HTMLpages.

HTTP/1.1! "ersion of HTTP in common use today.

HTTPis anApplication Layer protocol designedwithin the framework of the Internet Protocol

Suite.

8/9/2019 WWW Part 2

3/24

HyperText Transfer Protocol (HTTP)

HTTP is a request/responseprotocol between clients andservers. The originating client, such as a web browser, spider, or other

end#user tool, is referred to as the user agent. The destination server, which stores or creates resources such

as HT$% files and images, is called the origin server. & response contains completion status information about there'uest and may contain any content re'uested by the client inits message body.

The HTTP protocol is designed to permit intermediatenetwork elements to improve or enable communicationsbetween clients and servers. High traffic website often benefit from web cache servers that

deliver content on behalf of the origin server to improve responsetime.

8/9/2019 WWW Part 2

4/24

HyperText Transfer Protocol (HTTP)

In between the user agent and origin server maybe several intermediaries, such asproxies,

gateways, and tunnels.

HTTP proxy servers at network boundaries facilitatecommunication when clients without a globally

routable address are located in private networks by

relaying the re'uests and responses between clients

and servers

8/9/2019 WWW Part 2

5/24

8/9/2019 WWW Part 2

6/24

HTTP Session

-pon receiving the re'uest, the server sendsback!

& statusline, such as! HTTP/!"! #$$ %&/, and

& messageof its own, the body of which is perhapsthe re'uested file, an error message or some other

information.

0esources to be accessed by HTTPare

identified using Uniform esource Identifiers(UIs+ (or, more specifically, 'Ls+ using the

)ttp! or )ttps! 'Ischemes.

8/9/2019 WWW Part 2

7/24

HyperText Transfer Protocol (HTTP)

& typical HTTPmessage has a )ea*erand a+o*y!

Header!

Includes version, data from client1server, date, type ofcontent (MIM,+ and si2e.

!ody!

3ontains the actual resource1information.

8/9/2019 WWW Part 2

8/24

HyperText Transfer Protocol (HTTP)

Typical MIMEtypes! htm1html, t4t, 5pg15peg, gif, png, 4html, pdf, wmf, rm,

swf, 2ip, rar6

&ccording to the "I"#type, the browser knowshow to handle the resource.

In#built support for some applications.

Helper applications (add#ins+ for non#supported types.

8/9/2019 WWW Part 2

9/24

HTTP e$uest "ethods

H#%&! &sks for the response identical to the one thatwould correspond to a 78T re'uest, but without the

response body.

-seful for retrieving meta#information written in response

headers, without having to transport the entire content.

'#T! 0e'uests a representation of the specified

resource.

9y far the most common method used on the eb today.

:hould not be used for operations that cause si*e-e..ects

(using it for actions in web applications is a common

misuse+ see sa.e met)o*s later.

8/9/2019 WWW Part 2

10/24

HTTP e$uest "ethods

PST! :ubmits data to be processed (e.g. froman HT$% form+ to the identified resource. The

data is included in the body of the re'uest.

This may result in the creation of a new resource or

the updates of e4isting resources or both.

PUT! -ploads a representation of the specified

resource.

#T#! ;eletes the specified resource.

8/9/2019 WWW Part 2

11/24

HTTP e$uest "ethods

T%*#! 8choes back the received re'uest, sothat a client can see what intermediate servers

are adding or changing in the re'uest.

PTI+S! 0eturns the HTTPmethods that theserver supports.

*++#*T! 3onverts the re'uest connection to a

transparent TCP/IP tunnel, usually to facilitate

::%#encrypted communication (HTTPS+ throughan unencrypted HTTPpro4y.

8/9/2019 WWW Part 2

12/24

e$uest "essage

The re'uest message consists of the following!& re'uest line, for e4ample 78T 1images1logo.png

HTTP1

8/9/2019 WWW Part 2

13/24

esponse message

The response message consists of the following!& :tatus#%ine (for e4ample HTTP1?, which

indicates that the client@s re'uest succeeded+

Headers, such as 3ontent#Type! te4t1html

&n empty line

&n optional message body

8/9/2019 WWW Part 2

14/24

HTTP Safe,Unsafe "ethods

:ome methods (e.g. H,A0or 1,T+ are definedas safe. These are intended only for in.ormationretrievaland

should not c)angethe stateof the server (in other

words, they should not have si*e e..ects+. Unsafemethods (such as P%ST, P'Tand

0,L,T,+ change the stateof the server. They should be displayed to the user in a special way,

typically as +uttonsrather than lin2s, thus making theuser awareof possible o+ligations(such as a buttonthat causes a financial transaction+.

8/9/2019 WWW Part 2

15/24

HTTP Safe,Unsafe "ethods

;espite the re'uired safety of 1,Tre'uests, inpractice, they can cause changes on the server.

Aor e4ample, a eb server may use the retrieval

through a simple hyperlink to initiate deletion of a

database record, thus causing a change of the server@s

stateas a side#effect of a 1,Tre'uest.

This is discouraged-

8/9/2019 WWW Part 2

16/24

HTTP Persistent *onnections

In HTTP/$"3and !"$, the connection is close*after a single re'uest1response pair.

In HTTP/!"!a 2eep-alive-mec)anismwas

introduced, where a connection could be reusedfor more than one re'uest.

:uchpersistentconnections reduce re'uest latency

perceptibly, because the client does not need to re#

negotiate the T3P connection after the first re'uesthas been sent.

8/9/2019 WWW Part 2

17/24

HTTP Persistent *onnections

4ersion !"! of the protocol also introduced! C)un2e* trans.er enco*ing to allow content on

persistentconnections to be streame*, rather than

+u..ere*.

HTTP pipelining, which allows clients to send some

types of re'uests before the previous response has

been received, further reducing lag.

8/9/2019 WWW Part 2

18/24

HTTP Session State

HTTP is a statelessprotocol. The advantage of a stateless protocol is that

hosts do not need to retain information about

users between re'uests. This forces programmers to use of alternative

methods for maintaining users@ stateB e.g.

hen a host would like to customise content for a user

who has visited the site before.

hen you want to edit1delete the current record in a

database.

8/9/2019 WWW Part 2

19/24

HTTP Session State

The common methods for solving this probleminvolve!

8/9/2019 WWW Part 2

20/24

Stateless Protocols

%dvantages esource saving! It simplifies server design because it

does not need to dynamically allocate storage to dealwith conversations in progress or worry about freeing it

if a client dies in mid#transaction. &isadvantages

It may be necessary to include more information ineach re'uest and this e4tra information will need to be

interpreted by the server each time. $ost database applications re'uire that the server

remembers their state.

8/9/2019 WWW Part 2

21/24

Secure HTTP

Secure connections are used when sensitiveinformation needs to be e4changed.

e.g.! 3redit 3ard nos.

They provide a method for aut)enticationof theconnection and encryptionof the information.

There are currently two methods of establishing a

secure HTTP connection!

8/9/2019 WWW Part 2

22/24

The https UI Scheme

This is syntactically identical to the )ttp! scheme usedfor normal HTTP connections.

It signals the browser to use an added encryption

layer! Secure Soc2ets Layer (SSLor Transport Layer

Security (TLSconnection, to protect the traffic.

It uses port FFE.

HTTP: connections are often used for payment

transactions on the orld ide eb and for sensitivetransactions in corporate information systems.

8/9/2019 WWW Part 2

23/24

The https UI Scheme

:ince browser support for the 'pgra*e Hea*er isnearly non#e4istent, the https URI Schemeis still

the dominant method of establishing a secure

HTTPconnection.

8/9/2019 WWW Part 2

24/24

The HTTP .-. Upgrade header

HTTP !"! introduced support for the Upgradeheader.

In the e4change, the client begins by making a

clear#te4t re'uest, which is later upgraded toTLS.

8ither the client or the server may re'uest (or

demand+ that the connection be upgraded.