HTTP (HyperText Transfer Protocol)

·         See http://www.w3.org/Protocols/rfc2616/rfc2616.html

GET

·         Simplest of the request methods

·         Should be used when simply requesting resources from the server and not making changes

·         Does not have a body

·         Pre HTTP version 1.1 did not require headers

·         HTTP version 1.1 requires the host header

http://einstein.etsu.edu/~roachj/examples/004_formdataget/

<!DOCTYPE html>

<html>

<head>

   <meta charset="utf-8" />

   title>PHP 04</title>

</head>

<body>

   <form action="action.php" method="get">

      <p>Your name:

         <input type="text" name="name" /></p>

      <p>Your age:

         <input type="text" name="age" /></p>

      <p>

         <input type="submit" /></p>

   </form>

</body>

</html>

 

http://einstein.etsu.edu/~roachj/examples/004_formdataget/action.php?name=Jeff&age=21

 

GET /~roachj/examples/004_formdataget/action.php?name=Jeff&age=21 HTTP/1.1

Host: einstein.etsu.edu

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: http://einstein.etsu.edu/~roachj/examples/004_formdataget/

Cookie: __utma=80014147.2017374380.1331909245.1407243143.1407261695.86; _ga=GA1.2.2017374380.1331909245; __utmc=80014147; __utmz=80014147.1407243143.85.1.utmcsr=csciwww.etsu.edu|utmccn=(referral)|utmcmd=referral|utmcct=/roachj/; badprotocol=4; Glink_session=!FM6tyHTiwm3cHBB4lyU++bZwQpIr+JZ/UNRQZ+o7NAI9+KEzrOQE9MQTsco10IfZfsc=; BANSSO=1WQI5c3m996h4Y320hDqWODj0o72DNUTHQBzTQC38NIjSa4S3QG=; fos.web.server=goldlink3.etsu.edu

Connection: keep-alive

 

 

POST

·         Should be used when the intent is to change a resource on the server

·         Have a body, a blank line separates the headers from the body

http://einstein.etsu.edu/~roachj/examples/005_formdatapost/

<!DOCTYPE html>

<html>

<head>

   <meta charset="utf-8" />

   <title>PHP 05</title>

</head>

<body>

   <form action="action.php" method="post">

      <p>Your name:

         <input type="text" name="name" /></p>

      <p>Your age:

         <input type="text" name="age" /></p>

      <p>

         <input type="submit" /></p>

   </form>

</body>

</html></html>

 

http://einstein.etsu.edu/~roachj/examples/005_formdatapost/action.php

 

POST /~roachj/examples/005_formdatapost/action.php HTTP/1.1

Host: einstein.etsu.edu

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: http://einstein.etsu.edu/~roachj/examples/005_formdatapost/

Cookie: __utma=80014147.2017374380.1331909245.1407243143.1407261695.86; _ga=GA1.2.2017374380.1331909245; __utmc=80014147; __utmz=80014147.1407243143.85.1.utmcsr=csciwww.etsu.edu|utmccn=(referral)|utmcmd=referral|utmcct=/roachj/; badprotocol=4; Glink_session=!FM6tyHTiwm3cHBB4lyU++bZwQpIr+JZ/UNRQZ+o7NAI9+KEzrOQE9MQTsco10IfZfsc=; BANSSO=1WQI5c3m996h4Y320hDqWODj0o72DNUTHQBzTQC38NIjSa4S3QG=; fos.web.server=goldlink3.etsu.edu

Connection: keep-alive

 

name=Jeff&age=22

 

HTTP Response Message

HTTP/version-number status-code message

Header-Name-1: value

Header-Name-2: value

 

[ response body ]

 

The first line is the status line

·         HTTP version

·         3-digit status code

·         Human-readable message of the status code

HTTP/1.1 200 OK

Date: Wed, 06 Aug 2014 13:46:59 GMT

Server: Apache/2.2.15 (Red Hat)

X-Powered-By: PHP/5.3.3

Content-Length: 194

Connection: close

Content-Type: text/html; charset=UTF-8

 

<!DOCTYPE html>

<html>

<head>

   <meta charset="utf-8" />

   <title>PHP 05 Form Data (Post)</title>

</head>

<body>

   <p>

      Hi Jeff. You are 22 years old

   </p>

</body>

</html>

Status Codes

·         1xx – Informational

·         2xx – Successful

·         3xx – Redirection

·         4xx – Client Request Errors

·         5xx – Server Errors

Information Status Codes (1xx)

·         Impart information about how a request can be processed further

·         E.g. ‘100’ is used to tell the client that it may continue with a partially submitted requested.

Successful Response Status Codes (2xx)

·         Self-explanatory

·         E.g. ‘200’ indicates that the request was successfully completed and that the request is being sent back to the client

Redirection Status Codes (3xx)

·         Indicates that additional actions are required to satisfy the original request

·         Typically this involves a redirection: the client is instructed to redirect the request to another URL

·         E.g. ‘301’ tells the client that the resource is moved permanently, 302 tells the client that the resource is moved temporarily

·         E.g. if http://einstein.etsu.edu/~roachj/examples/001_helloworld is entered in the browser without the terminating /; the server will then redirect the client to http://einstein.etsu.edu/~roachj/examples/001_helloworld/

Client Request Error Status Codes (4xx)

·         Indicates a problem with the client request, an authorization challenge, or the server’s inability to find the requested resource.

·         E.g. 400 Bad Request, 401 Not Authorized, 404 Not Found

Server Error Status Codes (5xx)

·         Indicates a server problem

·         E.g. 500 Internal Server Error, 501 Not Implemented

Headers

General Headers

·         Apply to both request and response messages, but do not describe the body of the message

·         Date: - specifies the time and date this message was created

·         Connection: - indicates whether or not the client or server that generated the message intends to keep the connection open

·         Warning: - stores text for human consumption, something that is useful when tracing a problem

Request Headers

·         Allow clients to pass additional information about themselves and about the request

·         User-Agent: - identifies the software (e.g. a web browser) responsible for making a request

·         Host: - allows a web server to service more than one domain

·         Referer: - provides the server with context information about the request.  If the request came about because a user clicked on a link found on a web page, this header contains the URL of that referring page.  See http://en.wikipedia.org/wiki/HTTP_referer#Origin_of_the_term_referer

·         Authorization: - transmitted with requests for resources that are restricted only to authorized users.  Browsers will include this header after being notified of an authorization challenge via a response with a 401 status code.

Response Headers

·         help the server to pass additional information about the response that cannot be inferred from the status code alone

·         Location: - specifies a URL towards which the client should redirect its original request.  It always accompanies the 301 and 302 status codes that direct clients to try a new location.

·         WWW-Authenticate: - accompanies the 401 status code that indicates an authorization challenge.

·         Server: - optional header that identifies the server software

Entity Headers

·         describe either message bodies or target resources

·         Content-Type: - specifies the MIME type of the message body’s content. Content-Length: - provides the length of the message body.  Although optional, it is useful for clients such as web browsers that wish to impart information about the progress of a request.

·         Last-Modified: - provides the last modification date of the content that is transmitted in the body of the message.  It is critical for the proper functioning of caching systems.

Type Support through Content-Type

·         HTTP borrows its content typing system from Multipurpose Internet Mail Extensions (MIME)

·         The data type associated with the body of an HTTP message is defined via a two-layer encoding model using the Content-Type and Content-Encoding headers

·         In HTTP/1.1, the defined content encoding methods are: gzip, compress, and deflate

o   gzip (also x-gzip) – GNU zip

o   compress (also x-compress) – UNIX compress program

o   deflate – zlib format associated with RFC 1950 and 1951

·         Format: <type>/<subtype>

·         E.g. Content Type: text/html

Caching Control

·         A set of mechanisms allowing responses to be held in some form of temporary storage medium

·         It is meant to improve server performance

·         HTTP/1.1 provides the Cache-Control header for enforcing caching rules

·         HTTP/1.0 is not guaranteed to obey instructions in the Cache-Control header, so the deprecated Pragma header may help this.

Security through WWW-Authenticate and Authorization Headers

·         HTTP provides built-in support for basic authorization

·         Authorization credentials are transmitted via the Authorization header as a single encoded string.  Note: encoded not encrypted

·          Therefore, only safe over a secure connection

·         Steps in basic authentication:

1.      Client requests a restricted resource

2.      Server responds with the 401 status code response

3.      Client prompts the user for userid and password

4.      The user enters userid and password

5.      Client resubmits the request for the restricted resource

6.      Server verifies the authorization credentials

7.      If authorized, the server serves the content

8.      If not authorized, the server either responds with the 401 response or refuses by sending a ‘403 Forbidden’ response

Session Support

·         The Set-Cookie and Cookie headers are used to enable the maintenance of state between HTTP requests

·         Set-Cookie is a response header

·         Cookie is a request header

·         We’ll go into more detail later in the course