Web application Architecture and HTTP Protocol By: Mr. PHUPHA PUNYAPOTASAKUL ( ภูผา ปัญญาโพธาสกุล )

World Wide Web HTML HTTP TCP/IP Network Layer

HTTP Protocol Hypertext Transfer Protocol ( HTTP ) is a communications protocol used to transfer or convey information on intranets and the World Wide Web . Its original purpose was to provide a way to publish and retrieve hypertext pages. Development of HTTP was coordinated by the W3C ( World Wide Web Consortium ) and the IETF ( Internet Engineering Task Force ), culminating in the publication of a series of RFCs , most notably RFC 2616 ( June 1999 ), which defines HTTP/1.1, the version of HTTP in common use.

Hypertext Transfer Protocol ( HTTP ) is a communications protocol used to transfer or convey information on intranets and the World Wide Web . Its original purpose was to provide a way to publish and retrieve hypertext pages. Development of HTTP was coordinated by the W3C ( World Wide Web Consortium ) and the IETF ( Internet Engineering Task Force ), culminating in the publication of a series of RFCs , most notably RFC 2616 ( June 1999 ), which defines HTTP/1.1, the version of HTTP in common use.

HTTP Specification HTTP 1.1 http://tools.ietf.org/html/rfc2616 HTTP 1.0 http://tools.ietf.org/html/rfc1945

HTTP 1.1 http://tools.ietf.org/html/rfc2616

HTTP 1.0 http://tools.ietf.org/html/rfc1945

HTTP Request/Response Server Browser HTTP Response HTTP Request

HTTP Request Methods HEAD Asks for the response identical to the one that would correspond to a GET request, but without the response body. This is useful for retrieving meta-information written in response headers, without having to transport the entire content. GET Requests a representation of the specified resource. By far the most common method used on the Web today. Should not be used for operations that cause side-effects (using it for actions in web applications is a common misuse). See 'safe methods' below. POST Submits data to be processed (e.g. from an HTML form ) to the identified resource. The data is included in the body of the request. This may result in the creation of a new resource or the updates of existing resources or both.

HEAD

Asks for the response identical to the one that would correspond to a GET request, but without the response body. This is useful for retrieving meta-information written in response headers, without having to transport the entire content.

GET

Requests a representation of the specified resource. By far the most common method used on the Web today. Should not be used for operations that cause side-effects (using it for actions in web applications is a common misuse). See 'safe methods' below.

POST

Submits data to be processed (e.g. from an HTML form ) to the identified resource. The data is included in the body of the request. This may result in the creation of a new resource or the updates of existing resources or both.

HTTP Request Methods PUT Uploads a representation of the specified resource. DELETE Deletes the specified resource. TRACE Echoes back the received request, so that a client can see what intermediate servers are adding or changing in the request. OPTIONS Returns the HTTP methods that the server supports. This can be used to check the functionality of a web server. CONNECT Converts the request connection to a transparent TCP / IP tunnel , usually to facilitate SSL -encrypted communication (HTTPS) through an unencrypted HTTP proxy . [ 1 ]

PUT

Uploads a representation of the specified resource.

DELETE

Deletes the specified resource.

TRACE

Echoes back the received request, so that a client can see what intermediate servers are adding or changing in the request.

OPTIONS

Returns the HTTP methods that the server supports. This can be used to check the functionality of a web server.

CONNECT

Converts the request connection to a transparent TCP / IP tunnel , usually to facilitate SSL -encrypted communication (HTTPS) through an unencrypted HTTP proxy . [ 1 ]

HTTP Example HTTP Request GET /index.html HTTP/1.1 Host: www.example.com HTTP Response HTTP / 1.1 200 OK Date : Mon, 23 May 2005 22:38:34 GMT Server : Apache / 1.3.27 ( Unix ) ( Red - Hat / Linux ) Last - Modified : Wed, 08 Jan 2003 23:11:55 GMT Accept - Ranges : bytes Content - Length : 438 Connection : close Content - Type : text / html; charset = UTF-8 <HTML> <HEAD> <TITLE>Title</TITLE> … .

HTTP Request

GET /index.html HTTP/1.1

Host: www.example.com

HTTP Response

HTTP / 1.1 200 OK

Date : Mon, 23 May 2005 22:38:34 GMT

Server : Apache / 1.3.27 ( Unix ) ( Red - Hat / Linux )

Last - Modified : Wed, 08 Jan 2003 23:11:55 GMT

Accept - Ranges : bytes

Content - Length : 438

Connection : close

Content - Type : text / html; charset = UTF-8

<HTML>

<HEAD>

<TITLE>Title</TITLE>

… .

HTML

HTML Example <html> <head> <title>Title< / title> <meta http - equiv =&quot; Content - Type &quot; content =&quot; text / html; charset = utf-8 &quot; > <link href =&quot;../ style / framework . css &quot; rel =&quot; stylesheet &quot; type =&quot; text / css &quot; > <script language =&quot; JavaScript &quot; src =&quot;../ script / framework / config . js &quot; >< / script> < / head> <body leftmargin =&quot; 0 &quot; topmargin =&quot; 0 &quot; marginwidth =&quot; 0 &quot; marginheight =&quot; 0 &quot; > … . … .. … . </body> </html>

<html>

<head>

<title>Title< / title>

<meta http - equiv =&quot; Content - Type &quot; content =&quot; text / html; charset = utf-8 &quot; >

<link href =&quot;../ style / framework . css &quot; rel =&quot; stylesheet &quot; type =&quot; text / css &quot; >

<script language =&quot; JavaScript &quot; src =&quot;../ script / framework / config . js &quot; >< / script>

< / head>

<body leftmargin =&quot; 0 &quot; topmargin =&quot; 0 &quot; marginwidth =&quot; 0 &quot; marginheight =&quot; 0 &quot; >

… .

… ..

… .

</body>

</html>

HTML Specification Reference http :// www . w3 . org / TR / html4 / Maintain by Support History http:// www.eskimo.com/~bloo/indexdot/html/supportkey/a.htm

Reference http :// www . w3 . org / TR / html4 /

Maintain by

Support History http:// www.eskimo.com/~bloo/indexdot/html/supportkey/a.htm

How does it work? Browser HTTP Request TCP/IP Packet Network

How does it work? Server HTTP Request TCP/IP Packet Network HTML Output HTTP Response TCP/IP Packet

How does it work? Browser Network HTML Output HTTP Response TCP/IP Packet

Question If HTTP message is larger than TCP/IP packet’s max length, what will happen? Is it possible to have more than one web site in the same server? How does it work? How can we know the server’s IP address

If HTTP message is larger than TCP/IP packet’s max length, what will happen?

Is it possible to have more than one web site in the same server? How does it work?

How can we know the server’s IP address

TCP/IP Each TCP/IP connection Source IP Source Port Destination IP Destination Port Reliable transmission Establish connection before transmit More overhead than UDP

Each TCP/IP connection

Source IP

Source Port

Destination IP

Destination Port

Reliable transmission

Establish connection before transmit

More overhead than UDP

Virtual Host Multi domain name in one server Each domain name have their own content, files, resource and etc. separately Domain name come from HTTP Request message Where IP come from?

Multi domain name in one server

Each domain name have their own content, files, resource and etc. separately

Domain name come from HTTP Request message

Where IP come from?

HTTP Persistent Connection Send multi HTTP Request in one connection Why? Reduce overhead Get response faster

Send multi HTTP Request in one connection

Why?

Reduce overhead

Get response faster

HTTP Session State HTTP is a stateless protocol Web server implementation much easier and much more effective Dynamic content? Control session on application level

HTTP is a stateless protocol

Web server implementation much easier and much more effective

Dynamic content?

Control session on application level

More detail about HTTP HTTP Header specification http :// en . wikipedia . org / wiki / List_of_HTTP_headers HTTP Status code http://en.wikipedia.org/wiki/List_of_HTTP_status_codes HTTP Compression Reduce bandwidth Use Content - Encoding

HTTP Header specification http :// en . wikipedia . org / wiki / List_of_HTTP_headers

HTTP Status code http://en.wikipedia.org/wiki/List_of_HTTP_status_codes

HTTP Compression

Reduce bandwidth

Use Content - Encoding

Server concept Application HTTP Request HTTP Response

Server concept Web Server HTTP Request Request parameter Server Page Server Page Server Page Server Page Use URI pattern to select which page to run.. HTML Output + Response parameter HTTP Response

E.g. JSP Web Server Server Page Request Object Response Object

URL Uniform Resource Locators ( URLs ) are strings that specify how to access network resources, such as HTML documents . They are part of the more general class of Universal Resource Identifiers ( URIs ). The most important use of URLs is in HTML documents to identify the targets of hyperlinks . When using a Web browser such as Netscape, every highlighted region has a URL associated with it, which is accessed when the link is activated by a mouse click . Relative URLs specify only a portion of the full URL - the missing information is inferred though the context of the source document .

Uniform Resource Locators ( URLs ) are strings that specify how to access network resources, such as HTML documents . They are part of the more general class of Universal Resource Identifiers ( URIs ). The most important use of URLs is in HTML documents to identify the targets of hyperlinks . When using a Web browser such as Netscape, every highlighted region has a URL associated with it, which is accessed when the link is activated by a mouse click . Relative URLs specify only a portion of the full URL - the missing information is inferred though the context of the source document .

Secure Socket Layer Secure Sockets Layer ( SSL ), are cryptographic protocols that provide secure communications on the Internet for such things as web browsing , e - mail , Internet faxing , instant messaging and other data transfers. URL pattern – https:// For HTTP, normally use port 443 More detail later

Secure Sockets Layer ( SSL ), are cryptographic protocols that provide secure communications on the Internet for such things as web browsing , e - mail , Internet faxing , instant messaging and other data transfers.

URL pattern – https://

For HTTP, normally use port 443

More detail later

Web Cookie s HTTP cookies , sometimes known as web cookies or just cookies , are parcels of text sent by a server to a web browser and then sent back unchanged by the browser each time it accesses that server. HTTP cookies are used for authenticating , tracking, and maintaining specific information about users, such as site preferences and the contents of their electronic shopping carts . The term &quot;cookie&quot; is derived from &quot; magic cookie ,&quot; a well-known concept in unix computing which inspired both the idea and the name of HTTP cookies.

HTTP cookies , sometimes known as web cookies or just cookies , are parcels of text sent by a server to a web browser and then sent back unchanged by the browser each time it accesses that server. HTTP cookies are used for authenticating , tracking, and maintaining specific information about users, such as site preferences and the contents of their electronic shopping carts . The term &quot;cookie&quot; is derived from &quot; magic cookie ,&quot; a well-known concept in unix computing which inspired both the idea and the name of HTTP cookies.

Web Cookies

Session Normally manage by web server Use cookie to help keeping session id or session identifier Session timeout, unused data will be cleared from memory

Normally manage by web server

Use cookie to help keeping session id or session identifier

Session timeout, unused data will be cleared from memory

Session Browser Web Server Session ID Cookie Session Data Session Data Session Data Session Data Browser Session ID Cookie

Question If we close browser, will the cookie disappear ? Can we change value in cookie manually? How to open web site in a new session Open new browser window?

If we close browser, will the cookie disappear ?

Can we change value in cookie manually?

How to open web site in a new session

Open new browser window?