Honey fruit private school: http protocol learning and Summary Series-In-depth understanding

At the beginning of this article, I would like to thank my boss. he saw that I was writing this series and provided me with two excellent slides he wrote during his previous internal training, I used it for my use, (* ^__ ^ *) xi ....... In addition, I would like to thank the IT colleagues who provided various materials on the Internet for their opening remarks. I would like to thank my boss who saw that I was writing this series, I provided two excellent slides that I wrote when I was doing internal training. they were used by me (* ^__ ^ ....... In addition, I would like to thank the IT colleagues who provided various materials online.
3. Learn more about Cookie and Session

Both Cookie and Session are used to save the status information. they are both used to save the client status and are used to solve the problem of HTTP stateless.

Session can be implemented using cookies or URL write-back. Sessions implemented using cookies can be considered as more advanced applications for cookies.

3.1.1 Comparison between the two

Cookie and Session have the following obvious differences:

1) Cookie stores the status on the client, and Session stores the status on the server;

2) Cookies are small pieces of text stored by the server on the local machine and are sent to the same server as each request. Cookie was first implemented in RFC2109, and RFC2965 was enhanced later. The network server uses the HTTP header to send cookies to the client. on the client terminal, the browser parses these cookies and saves them as a local file. then, it automatically uploads these cookies to any requests on the same server. The Session is not defined in the HTTP protocol;

3) The Session is for each user. The value of the variable is stored on the server, and a sessionID is used to identify the user session variable, this value is returned to the server when the user's browser accesses it. when the customer disables the cookie, this value may also be set to get to return to the server;

4) in terms of security: When you access a site that uses sessions and create a cookie on your host, we recommend that the session mechanism on the server be safer. because it does not read the information stored by the customer.

3.1.2 Session mechanism

The Session mechanism is a server-side mechanism. the server uses a structure similar to a hash (or a hash) to save information.

When the program needs to create a session for a client request, the server first checks whether the client request contains a session id called the session id, if a session id is included, it indicates that a session has been created for this client before, and the server uses the session id to retrieve the session. (if the session id is not found, a new one may be created ), if the client request does not contain the session id, the client creates a session and generates a session id associated with the session. the session id value should be unique, the session id is returned to the client for saving in this response.

3.1.6 Session implementation method 3.1.6.1 use Cookie to implement

The server assigns a unique JSESSIONID to each Session and sends it to the client through cookies.

When the client initiates a new request, the JSESSIONID will be carried in the Cookie header. In this way, the server can find the Session corresponding to this client.

The process is shown in:

3.1.6.2 use URL echo for implementation

URL write-back refers to the server carrying the JSESSIONID parameter in all links sent to the browser page, so that the client will bring the JSESSIONID to the server when clicking any link.

If you directly enter the url of the server resource in the browser to request the resource, the Session cannot match.

Tomcat implements Session by using both Cookie and URL write-back mechanisms at the beginning. if the client supports Cookie, it will continue to use Cookie and stop using URL write-back. If the Cookie is disabled, URL write-back is always used. When jsp development processes the Session, remember to use response. encodeURL () for the link on the page ().

3.1.3 Session failures in J2EE projects

1) Session Timeout: The Session expires within the specified time. for example, if no operation is performed within 30 minutes, the Session becomes invalid. for example, the following settings are made in web. xml:

30 // Unit: minute

2) use session. invalidate () to explicitly remove the Session.

3.1.4 Cookie-related HTTP Extension headers

1) Cookie: the client returns the Cookie set by the server to the server;

2) Set-Cookie: The server sets a Cookie to the client;

3) Cookie2 (RFC2965): The client instructs the server to support the Cookie version;

4) Set-Cookie2 (RFC2965): The server sets the Cookie to the client.

3.1.5Cookie process

The server sends the Cookie content back to the client using the Set-Cookie header in the response message. the client carries the same content in the new request and sends it to the server. This enables session persistence.

The process is shown in:

3.2 Cache Implementation principle 3.2.1 What is Web cache

The WEB cache is located between the Web server and the client.

The cache stores copies of the output content according to the request, such as html pages, images, and files. when the next request comes: If the URL is the same, the cache directly uses the copy to respond to the access request, instead of sending a request to the source server again.

The HTTP protocol defines relevant message headers to make the WEB cache work as best as possible.

3.2.2 Advantages of caching

Q: reduce the latency because the request is sent from the cache server (closer to the client) rather than from the source server. this process takes less time and makes the web server look faster.

Q: reducing network bandwidth consumption: when a copy is reused, the client bandwidth consumption will be reduced; the customer can save bandwidth costs, control the increase in bandwidth demand, and make it easier to manage.

3.2.3 cache-related HTTP extended message headers

Q Expires: indicates the response content Expiration Time, Greenwich Mean Time GMT

Q Cache-Control: more detailed Control of Cache content

Q Last-Modified: The Last modification time of the resource in the response

Q ETag: the resource check value in the response. it is uniquely identified in a certain time period on the server.

Q Date: server time

Q If-Modified-Since: the Last modification time of the resource accessed by the client, which is the same as Last-Modified.

Q If-None-Match: check value of the resource accessed by the client, which is the same as ETag.

3.2.4 common procedures for effective client cache

When the server receives the request, it will return the Last-Modified and ETag headers of the resource in 200OK. the client saves the resource in the cache and records the two attributes. When the client needs to send the same request, it will carry the If-Modified-Since and If-None-Match headers in the request. The values of the two headers are the values of the Last-Modified and ETag headers in the response. The server uses these two headers to determine that the local resources have not changed. the client does not need to download the resources again and returns a 304 response. Shows the common process:

3.2.5 Web Cache mechanism

The purpose of caching in HTTP/1.1 is to reduce the number of sending requests in many cases, and in many cases it is not necessary to send a complete response. The former reduces the number of network loops, and HTTP uses an expiration mechanism for this purpose. The latter reduces the bandwidth of network applications. HTTP uses the "validation" mechanism for this purpose.

HTTP defines three caching mechanisms:

1) Freshness: allows a response message to be rechecked on the source server and controlled by the server and client. For example, the Expires response header gives a document unavailable time. The max-age mark in Cache-Control specifies the maximum Cache time;

2) Validation: used to check whether a cached response is still available. For example, If a response has a Last-Modified response header, the cache can use If-Modified-Since to determine whether the request has been changed, so as to determine whether the request is sent based on the situation;

3) Invalidation: When another request passes the cache, there is often a side effect. For example, if a URL is associated with a cache response but followed by a POST, PUT, or DELETE request, the cache will expire.

3.3 Principle of resumable download and multi-thread download

Q: The http get method can only request a certain part of a resource;

Q 206 response to part of Partial Content;

The resource Range of the q Range request;

The resource Range of the q Content-Range response;

Q When the connection is disconnected and re-connected, the client only requests the part of the resource that has not been downloaded, instead of re-requesting the entire resource to resume resumable data transfer.

Multipart Request resource instance:

Eg1: Range: bytes = 306302-: request the part of the resource from 306302 bytes to the end;

Eg2: Content-Range: bytes 306302-604047/604048: indicates that the response carries the 306302-604047 bytes of the resource. The total length of the resource is 604048 bytes;

The client sends concurrent requests to different segments of the same resource to achieve concurrent multipart download of a resource. This allows you to download files quickly. The popular FlashGet and Thunder are basically based on this principle.

Multi-thread download principle:

Q The download tool enables multiple threads that send HTTP requests;

Q each http request only requests part of the resource file: Content-Range: bytes 20000-40000/47000;

Q: merge the files downloaded by each thread.

3.4 https communication process 3.4.1 What is https

HTTPS (full name: Hypertext Transfer Protocol over Secure Socket Layer) is an HTTP channel targeted at security. it is simply a Secure version of HTTP. That is, the SSL layer is added under HTTP. the security Foundation of HTTPS is SSL. for details about encryption, see SSL.

See:

The port number used by https is 443.

3.4.2 principle of https

There are two basic encryption and decryption algorithm types:

1) symmetric encryption: there is only one key, encryption and decryption are the same password, and encryption and decryption speed is fast. typical symmetric encryption algorithms include DES and AES;

2) asymmetric encryption: Keys appear in pairs (the private key cannot be obtained based on the public key, or the public key cannot be obtained based on the private key). different keys are used for encryption and decryption (public key encryption requires private key decryption, private key encryption requires public key decryption. relatively symmetric encryption is slow. typical asymmetric encryption algorithms include RSA and DSA.

Let's take a look at the https communication process:

Advantages of https communication:

1) the key generated by the client can only be obtained by the client and the server;

2) only the client and server can obtain the encrypted data in plaintext;

3) communication between the client and the server is secure.

3.5 http proxy 3.5.1 http proxy server

The Proxy Server stands for Proxy Server. its function is to obtain network information from the Proxy network user. It is a transfer station for network information.

The proxy server is a server between the browser and the Web server. with this server, the browser does not directly go to the Web server to retrieve the Web page, but sends a request to the proxy server, the Request signal will be sent to the proxy server first. the proxy server will retrieve the information required by the browser and send it to your browser.

In addition, most proxy servers have the buffer function, which is like a large Cache, which has a large storage space and constantly stores new acquired data in its local memory, if the data requested by the browser already exists and is up-to-date on its local memory, it will not retrieve data from the Web server again, directly transfer the data in the memory to the user's browser, which can significantly improve the browsing speed and efficiency.

More importantly, the Proxy Server is an important security function provided by the Internet link-level gateway. it mainly works in the open System Interconnection (OSI) the dialog layer of the model.

3.5.2 Main functions of the http proxy server

The main functions are as follows:

1) break through the access restriction of its own IP address and access websites outside China. For example, CERNET, 169, and other network users can access foreign websites through proxy;

2) access resources in some organizations or groups, such as a university FTP (provided that the proxy address is within the permitted access range of the resource), and use the free proxy server of the address segment in the education network, it can be used to download and upload various types of FTP files open to the education network, as well as various types of data query and sharing services;

3) break through China Telecom's IP address blocking: many websites of China Telecom users are restricted to access. such restrictions are artificial, and the address blocking by different Serve is different. So you can try another proxy server outside China when you cannot access it;

4) improved access speed: usually the proxy server sets a large hard disk buffer. when external information passes through, it is also saved to the buffer zone, when other users access the same information again, the information is directly retrieved from the buffer and transmitted to the user to improve the access speed;

5) hide real IP addresses: netusers can also hide their own IP addresses in this way to avoid attacks.

3.5.3 http proxy illustration

For the http proxy illustration, see:

For a client browser, the http proxy server is equivalent to a server.

For Web servers, the http proxy server plays the role of the client.

3.6 VM implementation 3.6.1 What is a VM

Virtual Host: it allocates a certain amount of disk space on the network server for users to place sites and application components, and provides necessary site functions and data storage and transmission functions.

The so-called virtual host, also known as "website space", is to divide a server running on the Internet into multiple "virtual" servers, each VM has an independent domain name and a complete Internet server (supporting WWW, FTP, E-mail, and so on. Different virtual hosts on a server are independent of each other and managed by the user. However, a server host can only support a certain number of virtual hosts. when this quantity is exceeded, users will feel a sharp decline in performance.

3.6.2 implementation principles of virtual hosts

A vm uses the same WEB server to provide services for websites with different domain names. Apache, Tomcat, and so on can be implemented through configuration.

Related HTTP message header: Host.

Example: Host: www.baidu.com

When the client sends an HTTP request, it carries the Host header, which records the domain name entered by the client. In this way, the server can determine which domain name the customer wants to access based on the Host header.

Appendix: References

Understanding Cookie and Session mechanisms:

Http://sumongh.javaeye.com/blog/82498

Analysis of HTTP protocol:

Http: // 203.208.39.132/search? Q = cache: CdXly_88gjIJ: cached

Http proxy _ Baidu Encyclopedia:

Http://baike.baidu.com/view/1159398.htm

VM _ Baidu Encyclopedia:

Http://baike.baidu.com/view/7383.htm