Stateless Protocol, HTTP Request & Response Cycle, Cookie, Session
Presented by: Durlabh Giripunje, Amit Kumar Sing, Samit Kumar Kapat, Ashif Khan
Stateless protocol: a protocol which is incapable of remembering the results and data associated with the transactions it governs.
The best-known stateless protocol is the Hypertext Transfer Protocol (HTTP).
Stateful protocol: a protocol which is able to remember and store details of the transactions which it governs.
A good example of such a protocol is the File Transfer Protocol (FTP) which, for example, remembers the identity of the client that is using it to download files.
Stateless Protocol: Advantage & Disadvantage
Advantage: The stateless design simplifies the server design because there is no need to dynamically allocate storage to deal with conversations in progress.
Disadvantage: It may be necessary to include additional information in every request, and this extra information will need to be interpreted by the server.
Working of Stateless Protocol
The most interesting pieces of information contained in the request are:
Your IP address and/or that of your HTTP proxy
Which document you requested
Which version of which browser you're using
Which page you came from to get here (if you followed a link)
Your preferred language(s)
What is a Cookie?
It is a piece of text stored by a user's web browser.
- Session Cookies
- Persistent Cookies
Setting a cookie
setcookie(name [,value [,expire [,path [,domain [,secure]]]]])
name = cookie name
value = data to store (string)
expire = when the cookie expires. Default is that the cookie expires when the browser is closed.
path = path on the server
domain = domain for which the cookie is available
secure = whether the cookie should be sent over HTTPS connections only. Default false.
Set-Cookie: name=newvalue; expires=date; path=/; domain=.example.org
Set-Cookie: RMID=732423sdfs73242; expires=Fri, 31-Dec-2010 23:59:59 GMT; path=/; domain=.example.net
Advantage And Disadvantage of Cookies
Advantage
- Acts as your identification card
- It maintains the session between the client and server
- Page will be displayed quickly
Disadvantage
- Can be used as spyware
- Storage
Some facts about cookies…
Each cookie on the user’s computer is connected to a particular domain.
Each cookie can be used to store up to 4 kB of data.
A maximum of 20 cookies can be stored on a user’s PC per domain.
Browsers are preprogrammed to allow a total of 300 cookies, after which cookies are automatically deleted based on expiry date and usage.
Session
In computer science, in particular networking, a session is a semi-permanent interactive information interchange.
It is also known as:
- Dialogue
- Conversation or meeting
A session is between:
- Two or more communicating devices
- A computer and user
A session may be implemented as part of protocols and services at the:
- Application layer, e.g. HTTP sessions, TELNET remote login sessions
- Session layer, e.g. a Session Initiation Protocol based Internet phone call
- Transport layer, e.g. a TCP session, which is synonymous with a TCP connection or an established TCP socket
Types of session
Session implemented using software
TCP sessions are typically implemented in software using multithreading. A new process or thread is created when the computer establishes or joins a session. The advantage of multiple processes or threads is reduced software complexity, since each thread is an instance with its own history and encapsulated variables. The disadvantage is the large overhead in terms of system resources, and that the session may be interrupted if the system is restarted.
Server-side web sessions
Server-side sessions are handy and efficient, but can become difficult to handle in conjunction with load-balancing/high-availability systems and are not usable at all in embedded systems with no storage. The load-balancing problem can be solved by using shared storage. A method of using server-side sessions in systems without mass storage is to reserve a portion of RAM for storage of session data. This method is applicable for servers with a limited number of clients (e.g. a router or access point with infrequent or disallowed access to more than one client at a time).
HTTP session token
A session token is a unique identifier that is generated and sent from a server to a client to identify the current interaction session. The client usually stores and sends the token as an HTTP cookie and/or sends it as a parameter in GET or POST queries. The reason to use session tokens is that the client only has to handle the identifier; all session data is stored on the server (usually in a database, to which the client does not have direct access) linked to that identifier.
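
Added example (not part of the original slides): a Python sketch of the session-token scheme described above, in which the server keeps the data, the client receives only an unguessable identifier in a cookie, and expiry is enforced on the server. The cookie name SID, the 30-minute lifetime, the in-memory dictionary standing in for the database, and the HttpOnly and SameSite attributes are assumptions of this example.

```python
import secrets
import time
from http.cookies import CookieError, SimpleCookie

SESSION_TTL = 1800   # seconds; constructed lifetime for this example
COOKIE_NAME = "SID"  # hypothetical cookie name
_sessions = {}       # token -> (expiry, data); stands in for the server-side database


def create_session(data, now=None):
    """Store data server-side and return the Set-Cookie header value for the client."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 random bits from the OS CSPRNG
    _sessions[token] = (now + SESSION_TTL, dict(data))
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = token        # only the identifier leaves the server
    morsel = cookie[COOKIE_NAME]
    morsel["path"] = "/"
    morsel["max-age"] = SESSION_TTL
    morsel["secure"] = True            # sent over HTTPS only
    morsel["httponly"] = True          # hidden from scripts running in the page
    morsel["samesite"] = "Lax"         # withheld from most cross-site requests
    return morsel.OutputString()


def load_session(cookie_header, now=None):
    """Map a Cookie request header to its session data; None if unknown or expired."""
    now = time.time() if now is None else now
    cookie = SimpleCookie()
    try:
        cookie.load(cookie_header or "")
    except CookieError:                # malformed header: treat as no session
        return None
    if COOKIE_NAME not in cookie:
        return None
    token = cookie[COOKIE_NAME].value
    entry = _sessions.get(token)
    if entry is None:                  # forged or already-removed token
        return None
    expiry, data = entry
    if now >= expiry:                  # enforce expiry on the server, not just in the browser
        del _sessions[token]
        return None
    return data


if __name__ == "__main__":
    header = create_session({"user": "alice"})   # constructed sample data
    print("Set-Cookie:", header)
    print(load_session(header.split(";")[0]))
```

Because HTTP is stateless, load_session has to run on every request; the cookie is the only thing linking one request to the next.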