Features of HTTP
Derek Bridge
Department of Computer Science,
University College Cork
Features of HTTP
Aims: to understand the concepts of
- content type
- content negotiation
- persistence
- state
- proxies
- caching
in HTTP
Content negotiation
- Sometimes a server may have different representations of the same resource, e.g.
- language: the same web page in English and Gaelic
- media type: the same image in GIF and PNG; the same sound clip in WAV and MP3
- A request from a browser can contain header lines that state preferences
- E.g.
Accept-Language: ga
- E.g.
Accept: image/png; q=1.0, image/gif; q=0.9, audio/mpeg; q=1.0, audio/wav; q=0.9
- The server tries to satisfy the preferences, but if there's only one version of a resource
then that version is returned regardless of the stated preferences
Persistent connections
- As we've seen, to display one web page the browser may need to make several requests
- In HTTP/1.0, there is a separate TCP connection for each request
- Opening and closing connections takes a substantial amount of time/bandwidth
Persistent connections
- Since most of the files will be on the same server, it makes sense to use the
same TCP connection for multiple requests
- In HTTP/1.1, a TCP connection 'persists' until the browser sends a request that
contains a special header or until some time has expired
- Pipelining: The browser can even send a request before it has received
a response to the previous one
Cookies
- HTTP is a stateless protocol
- each request is independent: it has no memory of previous requests
- not good for e-commerce. Why?
- Cookies allow state management
- A cookie is a small amount of data (a name/value pair)
- E.g. id=visitor123
- A header line in the server's response can contain a cookie
- If cookies are enabled, the browser stores the cookie and the page/server it came from
- Next time the browser sends a request to that page/server, it includes the cookie
in a header line
- This enables the server to know about your previous visit(s)
Cookies example
- The browser sends a request to www.amazon.co.uk:
GET /index.html HTTP/1.1
...
- The server stores information about your visit
- Its response requests the browser to store a cookie:
HTTP/1.1 200 OK
Set-Cookie: id=visitor123
...
- Assuming cookies are enabled, the browser stores the cookie along with the server (www.amazon.co.uk)
- Subsequently, you visit www.amazon.co.uk again.
- The browser includes the cookie in the request:
GET /index.html HTTP/1.1
Cookie: id=visitor123
...
- The server can make use of what it stored about your previous visit
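Added example (not part of the original slides): the exchange above as a small simulation, with a server that keeps state only through the cookie id and a browser that stores each cookie with the server it came from. The class and function names, the Host header line and the random id (in place of id=visitor123) are assumptions made for illustration.

```python
import secrets

def parse_headers(message):
    """Header lines of an HTTP message as a dict with lower-cased names."""
    head = message.split("\r\n\r\n", 1)[0]
    pairs = (line.partition(":") for line in head.split("\r\n")[1:])
    return {name.strip().lower(): value.strip() for name, _, value in pairs}

def cookie_value(cookie_header, name):
    """Value of one name=value pair in a Cookie header, or None."""
    for pair in cookie_header.split(";"):
        key, _, value = pair.strip().partition("=")
        if key == name:
            return value
    return None

class Server:
    def __init__(self):
        self.visits = {}  # cookie id -> requests seen; the only "memory"

    def handle(self, request):
        visitor = cookie_value(parse_headers(request).get("cookie", ""), "id")
        lines = ["HTTP/1.1 200 OK"]
        if visitor not in self.visits:
            # No cookie, or an id this server never issued: start a new visitor.
            # Assumption: a random id instead of the slide's id=visitor123.
            visitor = secrets.token_hex(16)
            self.visits[visitor] = 0
            lines.append(f"Set-Cookie: id={visitor}")
        self.visits[visitor] += 1
        return "\r\n".join(lines) + f"\r\n\r\nvisit {self.visits[visitor]}"

class Browser:
    def __init__(self):
        self.jar = {}  # host -> {cookie name: value}

    def request(self, host, path="/index.html"):
        lines = [f"GET {path} HTTP/1.1", f"Host: {host}"]
        if host in self.jar:  # send a cookie back only to the server that set it
            pairs = "; ".join(f"{k}={v}" for k, v in self.jar[host].items())
            lines.append(f"Cookie: {pairs}")
        return "\r\n".join(lines) + "\r\n\r\n"

    def receive(self, host, response):
        cookie = parse_headers(response).get("set-cookie")
        if cookie:
            name, _, value = cookie.split(";")[0].strip().partition("=")
            self.jar.setdefault(host, {})[name] = value
```

Because the server treats whoever presents the id as the returning visitor, a copied cookie is enough to be taken for that visitor.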
Irresponsible use of cookies
- Transmission of sensitive information
- Violations of privacy
- Third-party cookies
- Cookie theft
Proxies
A company/university might require all web traffic in and out to pass through an
intermediary called a proxy
Diagram of HTTP requests and responses through a proxy modified from The TCP/IP Guide by Charles M. Kozierok
Proxies
- Logging of all traffic in and out
- Filtering
- e.g. prevent employees from requesting objectionable/insecure content from outside
- e.g. prevent outside servers from delivering harmful content (viruses, etc.)
- e.g. prevent outside clients from trying to access sensitive resources
- Improve performance
- they may cache pages
- proxy may be able to respond to a request directly without forwarding it to the server