
©Yaron Kanza HTTP Written by Dr. Yaron Kanza, Edited with permission from author by Liron Blecher

Jan 04, 2016


HTTP


Agenda
- The World-Wide Web
- Requests
- Responses
- Authentication
- Sessions
- Advanced Topics

The World-Wide Web
[Figure: browsers fetching HTML, CSS and JS resources from servers]
- Transfer of resources is using HTTP

Browser-HTTPD Interaction
[Figure: the user requests http://www.google.com in the browser; the web server on host www.google.com serves files such as index.html]

Browser-HTTPD Interaction: The Browser
- Gets an IP Address
- Establishes a TCP Connection
- Sends an HTTP Request
- Receives an HTTP Response
- Presents a Page
Questions on the slide: How? To which port? Can it present the page now?

Browser-HTTPD Interaction: The Server
- Listens
- Establishes a TCP Connection
- Receives an HTTP Request
- Sends an HTTP Response
- ???
Questions on the slide: To what? Is that all?

Universal Resource Location
    protocol://host:port/path#anchor?parameters
- Examples:
    http://www.mta.ac.il/index.html
    http://www.google.com/search?hl=en&q=blabla
- Parameters appear in URLs of dynamic pages
- Are URLs good identifiers?
- Can they be used as keys of resources?

URL, URN and URI
- URL is Universal Resource Location
- URN is Universal Resource Name
- A URN is independent of a specific location, e.g., urn:ietf:rfc:3187
- URI is either a URN or a URL
- There are many possible formats to URIs: mailto:, news:, http://www.mta.ac.il/

Terminology
- Web Server is an implementation of an HTTP Daemon (either HTTP/1.0 or HTTP/1.1)
- User Agent (UA) is a client (e.g., browser)
- Origin Server is the server that has the resource that is requested by a client

Main Features of HTTP
- Stateless
- Persistent connection (in HTTP/1.1)
- Pipelining (in HTTP/1.1)
- Caching (improved in HTTP/1.1)
- Compression negotiation (improved in 1.1)
- Content negotiation (improved in 1.1)
- Interoperability of HTTP/1.0 and HTTP/1.1

Requests and Responses
- A UA sends a request and gets back a response
- Requests and responses have headers
- HTTP/1.0 defines 16 headers; none is required
- HTTP/1.1 defines 46 headers; the Host header is required in all requests

Hop-by-Hop vs. End-to-End
- HTTP requests and responses may travel between the UA and the origin server through a series of proxies
- Thus, in an HTTP connection there is a distinction between Hop-by-Hop and End-to-End
- Some headers are hop-by-hop and some are end-to-end (in HTTP/1.1)
- Each hop is a separate TCP connection

Note
- HTTP (both 1.0 and 1.1) has always specified that an implementation should ignore a header that it does not understand
- The header should not be deleted, just ignored!
- This rule allows extensions by means of new headers, without any changes in existing specifications

The Format of a Request
    method sp URI sp version crlf
    header: value crlf              (header lines)
    header: value crlf
    crlf
    Entity (Message Body)
- The URI is specified without the host name

An Example of a Request
    GET /index.html HTTP/1.1
    Accept: image/gif, image/jpeg
    User-Agent: Mozilla/4.0
    Host: www.cs.mta.ac.il:80
    Connection: Keep-Alive
    [blank line here]
- The first line carries the method, the request URI and the version; the lines after it are the headers

Common Request Methods
- GET returns the content of a resource
- HEAD only returns the headers
- POST sends data to the given URI
- OPTIONS requests information about the communication options available for the given URI, such as supported content types
- * instead of a URI requests information that applies to the given Web server in general
- OPTIONS is not fully specified

Additional Request Methods
- PUT replaces the content of the given URI or generates a new resource at the given URI if none exists
- DELETE deletes the resource at the given URI
- TRACE invokes a remote loop-back of the request
- The final recipient should reflect the message back to the client
- CONNECT switches the proxy to become a tunnel
- Do servers really support PUT or DELETE?

Where Do Request Headers Come From?
- The UA sends headers with each request
- The user may determine some of these headers through the browser configuration
- Proxies along the way may add their own headers and delete existing (hop-by-hop) headers

The Format of a Response
    version sp status code sp phrase crlf     (status line)
    header: value crlf                        (header lines)
    header: value crlf
    crlf
    Entity (Message Body)

An Example of a Response
    HTTP/1.0 200 OK
    Date: Fri, 31 Dec 1999 23:59:59 GMT
    Content-Type: text/html
    Content-Length: 1354

    Hello World (more file contents) . . .
- The first line carries the version, the status code and the status phrase; it is followed by the headers and then the message body

Status Codes in Responses
- The status code is a three-digit integer, and the first digit identifies the general category of response:
- 1xx indicates an informational message
- 2xx indicates success of some kind
- 3xx redirects the client to another URL
- 4xx indicates an error on the client's part
- Yes, the system blames it on the client if a resource is not found (i.e., 404)
- 5xx indicates an error on the server's part

Where Do Status Codes Come From?
- Web servers and applications creating dynamic pages determine status codes
- It is important to configure Web servers and write applications creating dynamic pages so that they will return correct, meaningful and useful status codes and headers

Tomcat
- Tomcat is a simple web server that we will use in this course
- In Tomcat, configuration of HTTP response headers is in the server.xml file

Restrict Access
- Some applications should restrict access to authorized users only
- IP-address-based: access is permitted only to certain IP addresses
- Form-based: the first page shown to the user is a form that requests a password
- HTTP Basic
- Does it also allow the user application to authenticate the server?

HTTP Basic
- The user tries to access the page
- The server response is
    HTTP/1.1 401 Unauthorized
    WWW-Authenticate: Basic realm="Description of the restricted site"
- The browser pops up a prompt window asking for a user name and password
- The user input is encoded and sent to the server
    Authorization: Basic emFjaGFyawFzOMFwcGxcGlCg==
- The value after "Basic" is name:password encoded in Base64
- If authorization succeeds, resources are sent to the browser
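
The exchange on the HTTP Basic slide, seen from the server side, as an added example that is not part of the original slides. It shows that the Authorization value is only Base64-encoded (anyone who sees the header can decode it) and how a server can parse and check it; the function names, the realm and the "Aladdin" / "open sesame" sample pair are assumptions made for the illustration.

```python
import base64
import binascii
import hmac

def parse_basic_authorization(value):
    """Return (name, password) from an Authorization header value, else None."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # not valid Base64, or not text
    # Split on the first colon only: the password itself may contain colons.
    name, sep, password = decoded.partition(":")
    return (name, password) if sep else None

def handle_request(headers, realm, expected_name, expected_password):
    """Return (status, response_headers) for a page protected by HTTP Basic."""
    challenge = {"WWW-Authenticate": 'Basic realm="%s"' % realm}
    creds = parse_basic_authorization(headers.get("Authorization", ""))
    if creds is None:
        return 401, challenge  # no usable credentials: ask the browser to prompt
    # Constant-time comparison; both fields are always compared.
    name_ok = hmac.compare_digest(creds[0].encode(), expected_name.encode())
    pass_ok = hmac.compare_digest(creds[1].encode(), expected_password.encode())
    if name_ok and pass_ok:
        return 200, {}
    return 401, challenge

# Constructed sample header: "Aladdin:open sesame" in Base64.
SAMPLE_HEADER = "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="
```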

HTTP is Stateless
- Theoretically, each request-response is an independent interaction
- How can we implement an online store?
- Payment and shipment are according to the state of some virtual shopping cart
- Does persistent connection provide a solution?

Sessions
- A session is a sequence of related interactions between a client and a server
- A session allows responses to be according to a state
- A shared state can be shared by several users
- A session state is a state of a single user
- A transient state refers to a single interaction

Implementing Sessions
- URL Rewriting
- Hidden Form Fields
- Cookies

The Host Header in Requests - HTTP/1.0
- If the URL is http://www.example.com/home.html, then the HTTP/1.0 syntax is
    GET /home.html HTTP/1.0
  and the TCP connection is to port 80 at the IP address corresponding to www.example.com

Why is the Host Header Required in HTTP/1.1?
- In HTTP/1.0, there can be at most one HTTP server per IP address
- This wastes IP addresses, since companies like to use many vanity URLs (that is, URLs that only consist of hostnames)
- In HTTP/1.1, requests to different HTTP servers can be sent to port 80 at the same IP address, since each request contains the host name in the Host header

Why is the Hostname not in the URL?
- To ensure interoperability with HTTP/1.0
- An HTTP/1.0 server will incorrectly process a request that has an absolute URL (i.e., a URL that includes the hostname)
- An HTTP/1.1 server must reject any HTTP/1.1 (but not HTTP/1.0) request that does not have the Host header
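
The Host rule above as a small name-based dispatcher, added here as an example that is not part of the original slides. The site table, the document roots and the choice to answer 400 for an unknown or repeated Host are assumptions of this sketch; IPv6 literals in Host are not handled.

```python
# Hypothetical sites sharing one IP address and port 80.
VHOSTS = {"www.example.com": "/srv/example", "shop.example.com": "/srv/shop"}
DEFAULT_ROOT = "/srv/example"  # the only site an HTTP/1.0 client without Host can reach

def parse_request_head(raw):
    """Return (method, uri, version, headers) from the bytes of a request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    request_line, *lines = head.split("\r\n")
    method, uri, version = request_line.split(" ")  # ValueError if malformed
    headers = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("bad header line: %r" % line)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return method, uri, version, headers

def route(raw):
    """Return (status, document_root) for one request."""
    try:
        _method, _uri, version, headers = parse_request_head(raw)
    except ValueError:
        return 400, None
    hosts = headers.get("host", [])
    if version == "HTTP/1.0" and not hosts:
        return 200, DEFAULT_ROOT  # HTTP/1.0 requests need not carry Host
    if len(hosts) != 1:
        return 400, None  # HTTP/1.1 request with a missing (or repeated) Host
    name = hosts[0].partition(":")[0].lower()  # drop an optional :port
    root = VHOSTS.get(name)
    if root is None:
        return 400, None  # unknown site is refused, not served from the default
    return 200, root
```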

Nesting in Page
[Figure: a page made up of HTML code, a style sheet and images]
- What we see on the browser can be a combination of several resources
- How can we improve the efficiency of presenting a page?
- What is wrong with a naive retrieval of the resources?

HttpWatch
- The faculty's homepage requires seven HTTP requests

The Problem
- Typically, each resource consists of several files, rather than just one
- Each file requires a separate HTTP request
- HTTP/1.0 requires opening a new TCP connection for each request
- TCP has a slow start and therefore, opening a series of new connections is inefficient

Persistent Connections are the Default in HTTP/1.1
- In HTTP/1.1, several requests can be sent on the same TCP connection
- The slow-start overhead is incurred only once per resource
- A connection is closed if it remains idle for a certain amount of time
- Alternatively, the server may decide to close it after sending the response
- If so, the response should include the header Connection: close

Pipelining
- When the connection is persistent, the next request can be sent before receiving the response to the previous request
- Actually, a client can send many requests before receiving the first response
- Performance can be greatly improved
- No need to wait for network round-trips

Best-Possible Use of TCP
- A client sends requests in some given order
- TCP guarantees that the requests are received in the order that they were sent
- The server sends responses in the order that it received the corresponding requests
- TCP guarantees that responses are received in the order that they were sent
- Thus, the client knows how to associate the responses with its requests

But a TCP Connection is Just a Byte Stream
- So, how does the client know where one response ends and another begins?
- Parsing is inefficient and anyhow will not work (why?)
- The server must add the Content-Length header to the respons
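
How a client can cut a pipelined byte stream into responses using Content-Length, added here as an example that is not part of the original slides. It assumes every response with a body is framed by Content-Length as the last slide states (chunked encoding is not handled); the sample stream is constructed, and its first body contains bytes that look like a status line, which is why scanning the stream for response boundaries does not work.

```python
def make_response(status, phrase, body):
    """Build a constructed HTTP/1.1 response framed by Content-Length."""
    head = "HTTP/1.1 %d %s\r\nContent-Length: %d\r\n\r\n" % (status, phrase, len(body))
    return head.encode("ascii") + body

def split_pipelined_responses(stream):
    """Return [(status, headers, body), ...] from back-to-back responses."""
    responses, pos = [], 0
    while pos < len(stream):
        head_end = stream.find(b"\r\n\r\n", pos)
        if head_end == -1:
            raise ValueError("incomplete header block")
        status_line, *lines = stream[pos:head_end].decode("iso-8859-1").split("\r\n")
        parts = status_line.split(" ", 2)
        if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
            raise ValueError("bad status line: %r" % status_line)
        status = int(parts[1])
        headers, lengths = {}, set()
        for line in lines:
            name, sep, value = line.partition(":")
            if not sep:
                raise ValueError("bad header line: %r" % line)
            headers[name.strip().lower()] = value.strip()
            if name.strip().lower() == "content-length":
                lengths.add(value.strip())
        if status < 200 or status in (204, 304):
            length = 0  # these responses never carry a body
        elif len(lengths) != 1:
            # Without exactly one length the end of the body cannot be known.
            raise ValueError("missing or conflicting Content-Length")
        else:
            (text,) = lengths
            if not (text.isascii() and text.isdigit()):
                raise ValueError("bad Content-Length: %r" % text)
            length = int(text)
        body_end = head_end + 4 + length
        if body_end > len(stream):
            raise ValueError("incomplete body")
        responses.append((status, headers, stream[head_end + 4:body_end]))
        pos = body_end
    return responses

# Constructed sample: the first body looks like it contains another response.
TRICKY_BODY = b"<pre>HTTP/1.1 200 OK\r\n\r\nnot a real response</pre>"
SAMPLE_STREAM = make_response(200, "OK", TRICKY_BODY) + make_response(404, "Not Found", b"gone")
```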
