In HTTP, the client initiates the request and the server answers it by returning a response.
1. Client request
Request message = request method (GET, POST, PUT, DELETE, ...) + request URI (for example, /index.html) + protocol version (HTTP/1.1) + optional request header fields + entity body
2. The server responds
Response message = protocol version (HTTP/1.1) + status code + reason phrase explaining the status code (OK) + optional response header fields + entity body
3. HTTP is stateless.
HTTP does not store the state of the communication between a request and its response. This keeps the protocol simple and scalable, so that a large number of transactions can be processed quickly.
4. HTTP Method
GET: requests a resource. The server parses the specified resource and returns its content in the response.
POST: transmits an entity body (to send information to the server). GET can also carry an entity, but POST is normally used for this purpose instead.
PUT: transfers a file, much like uploading over FTP. The file content is carried in the body of the request message and saved at the location named by the request URI. HTTP/1.1 PUT has no authentication mechanism of its own, so for security reasons it is generally not enabled; REST (Representational State Transfer) APIs may expose PUT.
HEAD: obtains the message headers only. Used to check the validity of a URI and the date and time a resource was last updated (like GET, but the body of the message is not returned).
DELETE: deletes a file, namely the resource specified by the request URI. HTTP/1.1 likewise has no authentication mechanism for DELETE, so most Web sites do not enable it; REST APIs may expose DELETE.
OPTIONS: queries which methods are supported for the resource specified by the request URI.
TRACE: lets the client trace the path a request takes by having the Web server loop the request back to it. When sending the request, the client puts a value in the Max-Forwards header field; each server the request passes through decrements it by 1, and forwarding stops when the value reaches zero. The last server to receive the request returns status code 200. TRACE is vulnerable to XST (Cross-Site Tracing) attacks.
CONNECT: asks a proxy server to establish a tunnel so that TCP communication can be carried through it using the tunnelling protocol. The communication is typically encrypted with Secure Sockets Layer (SSL) or Transport Layer Security (TLS) and then transmitted through the tunnel.
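The following is an added example, not code from the original article, showing how a minimal server-side handler applies the method semantics listed above from a defender's point of view: GET returns the entity, HEAD returns the same headers with no body, OPTIONS reports the Allow header, and methods the site does not expose (PUT, DELETE and TRACE, for the reasons given above) are answered with 405 Method Not Allowed instead of being executed. The resource store and the request URIs are constructed for the demo.

```python
"""Method handling for a minimal HTTP resource handler (added example)."""
from typing import Dict, Tuple

# Constructed in-memory resources standing in for files on disk.
RESOURCES: Dict[str, bytes] = {"/index.html": b"<html>hello</html>"}

# Only these methods are exposed. PUT and DELETE (no authentication in
# HTTP/1.1) and TRACE (loops the request back) are deliberately absent.
ALLOWED_METHODS = ("GET", "HEAD", "OPTIONS")


def handle(method: str, target: str) -> Tuple[int, Dict[str, str], bytes]:
    """Return (status, headers, body) for one request."""
    allow = ", ".join(ALLOWED_METHODS)
    if method not in ALLOWED_METHODS:
        # Unsupported method: say what is allowed, do not act on the request.
        return 405, {"Allow": allow, "Content-Length": "0"}, b""
    if method == "OPTIONS":
        return 204, {"Allow": allow}, b""
    body = RESOURCES.get(target)
    if body is None:
        msg = b"not found"
        return 404, {"Content-Type": "text/plain", "Content-Length": str(len(msg))}, msg
    headers = {"Content-Type": "text/html", "Content-Length": str(len(body))}
    if method == "HEAD":
        return 200, headers, b""  # same headers as GET, body omitted
    return 200, headers, body


if __name__ == "__main__":
    for m in ("GET", "HEAD", "OPTIONS", "TRACE", "PUT"):
        status, headers, body = handle(m, "/index.html")
        print(m, status, headers, body)
```

Note that HEAD advertises the Content-Length of the entity it would have returned, which is what a client uses to check a resource without downloading it.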
5. Persistent connections save traffic
5.1 keep-alive
HTTP is stateless and does not by itself maintain a connection. When a website receives a large number of requests, establishing and tearing down a TCP connection for each one adds communication overhead. Keep-alive (HTTP persistent connections) appears in HTTP/1.1 and in some HTTP/1.0 implementations: as long as neither side explicitly indicates that the connection should be closed, the TCP connection is kept open. In HTTP/1.1, all connections are persistent by default.
5.2 Pipelining
Persistent connections make it possible to pipeline most requests. A request no longer has to wait for the previous response to finish before it is sent, so several requests can be sent on the same connection one after another.
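As an added example (not code from the original article), the block below implements the message structure from sections 1 and 2 and then the framing that pipelining in section 5.2 depends on: when several requests arrive back to back on one persistent connection, the server has to work out where each message ends (here by the Content-Length header) before it can process them in order. The host name example.test and the byte stream are constructed sample data; chunked transfer encoding is left out.

```python
"""Framing HTTP/1.1 messages out of a byte stream (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class HttpRequest:
    method: str
    target: str
    version: str
    headers: Dict[str, str] = field(default_factory=dict)
    body: bytes = b""


def parse_request(buf: bytes) -> Tuple[Optional[HttpRequest], bytes]:
    """Parse one request from the front of buf.

    Returns (request, remaining_bytes), or (None, buf) when the buffer does
    not yet hold a complete message and more data must be read.
    """
    head_end = buf.find(b"\r\n\r\n")
    if head_end == -1:
        return None, buf
    lines = buf[:head_end].decode("iso-8859-1").split("\r\n")
    # Request line: method + request URI + protocol version.
    method, target, version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # Entity body length comes from Content-Length (0 when absent).
    length = int(headers.get("content-length", "0"))
    body_start = head_end + 4
    if len(buf) < body_start + length:
        return None, buf  # body not fully received yet
    body = buf[body_start:body_start + length]
    return HttpRequest(method, target, version, headers, body), buf[body_start + length:]


def parse_pipelined(buf: bytes) -> Tuple[List[HttpRequest], bytes]:
    """Split a stream of pipelined requests; return them plus any leftover bytes."""
    requests: List[HttpRequest] = []
    while buf:
        req, buf = parse_request(buf)
        if req is None:
            break  # incomplete trailing message, keep it for the next read
        requests.append(req)
    return requests, buf


def build_response(status: int, reason: str, body: bytes, keep_alive: bool = True) -> bytes:
    """Compose a response: status line + header fields + blank line + entity body."""
    lines = [
        f"HTTP/1.1 {status} {reason}",
        f"Content-Length: {len(body)}",
        "Content-Type: text/plain",
        "Connection: " + ("keep-alive" if keep_alive else "close"),
        "",
        "",
    ]
    return "\r\n".join(lines).encode("iso-8859-1") + body


# Constructed sample: two requests sent back to back on one persistent connection.
PIPELINED_STREAM = (
    b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
    b"POST /login HTTP/1.1\r\nHost: example.test\r\nContent-Length: 13\r\n\r\nuser=a&pw=b12"
)

if __name__ == "__main__":
    reqs, rest = parse_pipelined(PIPELINED_STREAM)
    for r in reqs:
        print(r.method, r.target, r.headers.get("host"), r.body)
    print(build_response(200, "OK", b"hello"))
```

Because the Content-Length value alone decides where one message ends and the next begins, a production parser must reject messages whose length information is ambiguous (for example a Content-Length that is not a single decimal number) rather than guessing; otherwise two parties on the path can disagree about the message boundaries.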
6. Use cookies for state management
HTTP is stateless, so it cannot by itself relate a request to the requests and responses that came before it. Cookies manage client state by carrying cookie information in the request and response messages:
- The client sends a request (for example, containing an account name and password).
- The server receives and verifies the credentials, then adds a Set-Cookie header field to the response message to hold the authorization information.
- After the client receives the response, it passes the authorization information back to the server in the Cookie header field of its next request message, so the server can identify the client.
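The three steps above as an added example (not code from the original article): the server validates the credentials, issues a random session identifier in Set-Cookie with the HttpOnly, Secure and SameSite attributes, and on the next request maps the Cookie header back to the account. The user table, the session store and the request shapes are constructed for the demo; the cookie carries only an opaque identifier, never the account name or password.

```python
"""Cookie-based state management between a stateless request pair (added example)."""
import secrets
from http.cookies import SimpleCookie
from typing import Dict, Optional

# Constructed credential store; a real server keeps password hashes, not passwords.
USERS: Dict[str, str] = {"alice": "correct horse"}

# Server-side session table: opaque session id -> account name.
SESSIONS: Dict[str, str] = {}


def login(account: str, password: str) -> Dict[str, object]:
    """Steps 1-2: verify the credentials and answer with a Set-Cookie header."""
    expected = USERS.get(account, "")
    # Constant-time comparison so the check does not leak via timing.
    if not expected or not secrets.compare_digest(expected.encode(), password.encode()):
        return {"status": 401, "headers": {}}
    sid = secrets.token_urlsafe(32)  # unguessable session identifier
    SESSIONS[sid] = account
    c = SimpleCookie()
    c["sid"] = sid
    c["sid"]["httponly"] = True   # not readable from page scripts
    c["sid"]["secure"] = True     # only sent over TLS
    c["sid"]["samesite"] = "Lax"  # not attached to cross-site POSTs
    c["sid"]["path"] = "/"
    return {"status": 200, "headers": {"Set-Cookie": c.output(header="").strip()}}


def identify(request_headers: Dict[str, str]) -> Optional[str]:
    """Step 3: resolve the Cookie header of a later request to an account."""
    raw = request_headers.get("Cookie")
    if not raw:
        return None
    c = SimpleCookie()
    c.load(raw)
    morsel = c.get("sid")
    return SESSIONS.get(morsel.value) if morsel else None


if __name__ == "__main__":
    resp = login("alice", "correct horse")
    set_cookie = resp["headers"]["Set-Cookie"]
    print("Set-Cookie:", set_cookie)
    # The client echoes only the name=value pair back in its next request.
    cookie_pair = set_cookie.split(";")[0]
    print("identified as:", identify({"Cookie": cookie_pair}))
```

Keeping the authorization state on the server and sending only a random identifier means that a leaked cookie can be invalidated by deleting its SESSIONS entry, which is not possible when the credentials themselves travel in the cookie.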