How cookies work, the stateless HTTP protocol, and the relationship between the two

Source: Internet
Author: User

Reposted from: http://blog.csdn.net/zyw_anquan/article/details/7642004

When the user types a Web site's URL into the browser's address bar, the browser sends a request to the site to read the page and displays the result on the user's monitor. The browser then looks on the user's computer for a cookie file that corresponds to the site, and if one is found, the browser sends the data from the cookie file to the Web server along with the URL entered earlier. When the server receives the cookie data, it looks up the client ID, the shopping record, the personal preferences, and so on in its database, records any new content, and adds it to the database and the cookie file. If no cookie is retrieved, or the cookie information does not match the information in the database, the client is treated as browsing the Web site for the first time, and the server's CGI (Common Gateway Interface) program creates new ID information for the client and saves it to the database. The reading and writing process for cookies is given below:

(1) Steps the browser takes to handle the cookies in the header of the Web server's reply:

A. Extract all cookies from the Web server's reply header.

B. Parse the components (name, value, path, etc.) of these cookies.

C. Determine if the host is allowed to set these cookies. If allowed, the cookies are stored locally.

(2) Steps the browser takes to select the cookies that go into the request header sent to the Web server:

A. Determine which cookies can be sent to the Web server based on the URL of the request and the properties of the locally stored cookie.

B. For multiple cookies, determine the order in which they are sent.

C. Send the selected cookies together in the HTTP request header.
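The two procedures above, sketched as a minimal cookie jar; this is an added example, not code from the original article. `CookieJar`, `domain_match`, `path_match` and the sample headers are hypothetical names and constructed data. As simplifying assumptions, expiry handling and public-suffix checks are left out, a missing Path defaults to `/`, and the send order (longer path first, then older cookie) follows the RFC 6265 recommendation.

```python
from urllib.parse import urlsplit

def domain_match(host, domain):
    """True if host is the cookie domain or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def path_match(req_path, cookie_path):
    """True if cookie_path prefixes req_path on a '/' boundary."""
    if req_path == cookie_path:
        return True
    return req_path.startswith(cookie_path) and (
        cookie_path.endswith("/") or req_path[len(cookie_path)] == "/")

class CookieJar:
    def __init__(self):
        self.store = {}  # (domain, path, name) -> cookie fields
        self.clock = 0   # creation counter, used as the ordering tie-break

    def receive(self, url, set_cookie_headers):
        """Steps (1) A-C: extract, parse, check the host, store."""
        host = urlsplit(url).hostname
        for header in set_cookie_headers:                        # A
            pair, *attrs = [p.strip() for p in header.split(";")]
            name, _, value = pair.partition("=")                 # B
            a = {k.strip().lower(): v.strip()
                 for k, _, v in (x.partition("=") for x in attrs)}
            domain = a.get("domain", "").lstrip(".").lower()
            if domain and not domain_match(host, domain):        # C
                continue  # a host may not set cookies for a foreign domain
            self.clock += 1
            self.store[(domain or host, a.get("path", "/"), name)] = {
                "value": value, "secure": "secure" in a,
                "host_only": not domain, "created": self.clock}

    def cookie_header(self, url):
        """Steps (2) A-C: filter, order, join into one Cookie header."""
        u = urlsplit(url)
        host, path = u.hostname, u.path or "/"
        hits = [(k, c) for k, c in self.store.items()            # A
                if (host == k[0] if c["host_only"] else domain_match(host, k[0]))
                and path_match(path, k[1])
                and (u.scheme == "https" or not c["secure"])]
        hits.sort(key=lambda kc: (-len(kc[0][1]), kc[1]["created"]))  # B
        return "; ".join(f"{k[2]}={c['value']}" for k, c in hits)     # C

# Constructed sample: three Set-Cookie headers in one reply from shop.example.com.
SAMPLE = ["sid=abc123; Path=/; Secure; HttpOnly",
          "cart=7; Path=/cart",
          "track=x; Domain=other.example.net"]
```

The third sample header is dropped at step (1) C because the replying host does not belong to the domain it names, and a cookie with Path=/cart is not sent for /cartoon because the prefix must end on a `/` boundary.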

The reading and writing process above shows that cookies are passed in the HTTP header information that accompanies a Web page, but a cookie is associated with the Web site rather than with a specific page. So whichever page of a site the user requests, the browser and the server exchange the site's cookie information, and every page request from the browser can be accompanied by a cookie. For example, when a browser opens or refreshes a Web page, the server adds cookies to the HTTP header information of the page and returns them with the page data to the client's browser, and the browser chooses whether to save the data based on the cookie settings on the client's computer. If the browser does not allow cookies to be saved, the data disappears when the browser is closed. When a user accesses other sites, each site may send a cookie to the user's browser, and the browser handles all of the cookies accordingly.


The specific work process is described as follows:

(1) The Web client, through a browser, sends a connection request to the Web server to open a Web page, identified by the URL in the request line of the HTTP message.

(2) After the Web server receives the request, it generates a Set-Cookie header based on the information provided by the client.

(3) The generated Set-Cookie header is placed in the response headers of the HTTP message and transmitted back to the Web client to establish a session.

(4) When the Web client receives the HTTP reply message, if it wants to continue the established session, it takes the contents of the cookies out of the HTTP message and forms a cookie text file, which is stored on the hard disk of the client computer or in the client computer's memory.

(5) When the Web client sends a connection request to the Web server again, the Web browser first looks for the corresponding cookie text file on the local computer, based on the URL of the site being visited, or looks for the corresponding cookie content in the local computer's memory. If it is found, the cookie content is placed in the HTTP request message sent to the Web server.

(6) When the Web server receives an HTTP request containing cookie content, it looks up the user-related information for those cookies and, based on the results of the search, generates the response page the client requested.

In addition, how long cookies are kept on the client computer depends on the settings of the server. A cookie has an Expires attribute that determines how long the cookie is saved, and it can be reset to change that time. If the attribute is not set, the cookie is only valid while browsing the Web and disappears automatically when the browser is closed. The vast majority of sites are in this category. Typically, a cookie contains the fields server, Expires, name, and value, of which only the name and value fields are useful to the server; the contents of fields such as Expires simply tell the browser how to handle the cookie.


We know that HTTP is a stateless protocol and that the client and the server do not need to establish a persistent connection. The connection between the client and the server is based on a request/response mode: the client and the server establish a connection, the client submits a request, the server receives the request and returns a response, and then the two disconnect. That is, the HTTP protocol uses the request/response model. The client sends the server a request message that contains the request method, URL, protocol version, request headers, and request data. The server responds with a status line that includes the protocol version and a success or error code, followed by server information, response headers, and response data. The following figure illustrates this request/response model.

Figure: HTTP request/response model

After understanding the working process of HTTP, we need to understand the format of the HTTP request message and response message. An HTTP request message typically has three parts: a request line, headers, and an entity (not always present). The following figure gives the general format of the request message.

Figure: Request message

An HTTP response message typically has three parts: a status line, headers, and an entity (not always present); its format is shown in the figure. In the response message, the status line defines the state of the response, which is indicated by the response status code.

Figure: Response message

Here is a familiar example that illustrates the stateless nature of HTTP: browsing a page that contains several images. The steps are: ① The connection is established, the client sends a request for the Web page, the server returns an HTML page (the page here is just plain text, that is, the HTML code we write), and the connection is closed. ② The browser parses the HTML file and, on encountering an image tag, obtains the image's URL. The client and the server then establish a connection again, the client sends a request for the image, the server returns the image, and the connection is closed. (This is where the definition of stateless comes in: although this request comes from the same client, the server still does not know that it is the previous client, and its transaction processing has no memory.)

However, it should be noted that the order of the server's responses must be the same as the order of the client's requests. Stateless means that the protocol has no memory capability for transaction processing. The lack of state means that if earlier information is required for subsequent processing, it must be retransmitted, which may increase the amount of data transmitted per connection. On the other hand, the server responds faster when it does not need prior information. After the advent of Web applications that interact dynamically with the server, the stateless nature of HTTP seriously impeded their implementation; after all, the interaction has to connect what came before with what comes after, and even a simple shopping cart program needs to know what the user chose earlier. As a result, two techniques for maintaining state across HTTP connections came into being: one is the cookie, and the other is the session.

I'll introduce cookies and sessions below.
