HTTP Communication principle

HTTP (hypertext Transfer Protocol) is a set of rules for computers to communicate over a network. Computer experts design HTTP to enable HTTP clients (such as Web browsers) to request information and services from an HTTP server (Web server). HTTP Current protocol version is 1.1.HTTP is a stateless protocol, stateless refers to the Web browser and the Web server does not need to establish a persistent connection, which means when a client makes a request to the server, and then the Web server returns a response (response), The connection is closed and information about the connection is not maintained on the server side. HTTP follows the request/answer (Response) model. The Web browser sends a request to the Web server, and the Web server processes the request and returns the appropriate answer. All HTTP connections are constructed as a set of requests and responses.

HTTP uses content types, which are the types of files that the Web server returns to a Web browser. All of these types are modeled on the MIME Internet Mail protocol, where the Web server tells the Web browser what kind of file it has, whether it is an HTML document, a GIF format image, a sound file, or a standalone application. Most Web browsers have a series of configurable helper applications that tell the browser how to handle the various types of content that the Web server sends over.

The HTTP communication mechanism is that during a complete HTTP communication, the following 7 steps will be completed between the Web browser and the Web server:

(1) Establishing a TCP connection

Before HTTP work begins, the Web browser first establishes a connection to the Web server over the network, which is done through TCP, which works with the IP protocol to build the Internet, known as the TCP/IP protocol family, so the internet is also known as a TCP/IP network. HTTP is a higher level of application-level protocol than TCP, according to the rules, only the lower layer protocol is established before it can be a more protocol connection, so the first to establish a TCP connection, the port number of the general TCP connection is 80

(2) Web browser sends request command to Web server

Once a TCP connection is established, the Web browser sends a request command to the Web server

Example: get/sample/hello.jsp http/1.1

(3) Web browser sends request header information

After the browser sends its request command, it also sends some other information to the Web server in the form of header information, and then the browser sends a blank line to notify the server that it has ended sending the header information.

(4) Web server answer

After the client makes a request to the server, the server sends a reply back to the client,

http/1.1 OK

The first part of the answer is the version number of the protocol and the Answer status code

(5) The Web server sends the answer header information

Just as the client sends information about itself along with the request, the server also sends the user with the answer about its own data and the requested document.

(6) The Web server sends data to the browser

After the Web server sends a header message to the browser, it sends a blank line to indicate that the header information is sent to the end, and then it sends the actual data requested by the user in the format described by the Content-type reply header information

(7) The Web server shuts down the TCP connection

In general, once the Web server sends the request data to the browser, it closes the TCP connection and then if the browser or server joins this line of code in its header information

Connection:keep-alive

The TCP connection remains open after it is sent, so the browser can continue to send requests through the same connection. Maintaining a connection saves the time it takes to establish a new connection for each request and also saves network bandwidth.

　　　　

HTTP request Format

When the browser makes a request to the Web server, it passes a block of data to the server, which is the request information, and the HTTP request information consists of 3 parts:

L Request Method URI Protocol/version

L Requests Header (request header)

L Request Body

The following is an example of an HTTP request:

get/sample.jsphttp/1.1

accept:image/gif.image/jpeg,*/*

Accept-language:zh-cn

Connection:keep-alive

Host:localhost

user-agent:mozila/4.0 (compatible; MSIE5.01; Window NT5.0)

Accept-encoding:gzip,deflate

username=jinqiao&password=1234

(1) Request method URI Protocol/version

The first line of the request is "method URL negotiation/version": Get/sample.jsp http/1.1

In the code above, "GET" represents the request method, "/sample.jsp" represents the URI, "http/1.1 represents the version of the Protocol and Protocol."

HTTP requests can use a variety of request methods, depending on the HTTP standard. For example: HTTP1.1 supports 7 methods of request: GET, POST, HEAD, OPTIONS, PUT, delete, and Tarce. In Internet applications, the most common method is get and post.

The URL completely specifies the network resource to be accessed, usually with a relative directory relative to the root of the server, always beginning with a "/", and finally, the version of the Protocol that declares the use of HTTP during communication.

(2) Requesting header (Request header)

The request header contains many useful information about the client environment and the request body. For example, the request header can declare the language used by the browser, the length of the request body, and so on.

accept:image/gif.image/jpeg.*/*

Accept-language:zh-cn

Connection:keep-alive

Host:localhost

user-agent:mozila/4.0 (Compatible:msie5.01:windows NT5.0)

Accept-encoding:gzip,deflate.

(3) Request body

Between the request header and the request body is a blank line, which is very important, which indicates that the request header has ended, followed by the request body. The request body can contain query string information submitted by the customer:

username=jinqiao&password=1234

In the HTTP request for the example above, the body of the request has only one line of content. Of course, in real-world applications, the HTTP request body can contain more content.

HTTP request method I only discuss the Get method with the Post method here

L Get method

The Get method is the default HTTP request method, and we routinely use the Get method to submit form data, but the form data submitted with the Get method is simply encoded, and it is sent to the Web server as part of the URL, so If you use the Get method to submit form data, there is a security risk. For example

Http://127.0.0.1/login.jsp?Name=zhangshi&Age=30&Submit=%cc%E+%BD%BB

From the URL request above, it is easy to identify what the form submits. （？ ) In addition, because the data submitted by the Get method is part of the URL request, the amount of data submitted cannot be too large

L POST method

The Post method is an alternative to the Get method, which is primarily to submit form data to the Web server, especially large batches of data. The Post method overcomes some of the drawbacks of the Get method. When submitting form data through the Post method, the data is not sent as part of the URL request but as standard data to the Web server, which overcomes the drawback that the information in the Get method is not confidential and the amount of data is too small. Therefore, for security reasons and respect for user privacy, the Post method is usually used for form submission.

From a programmatic point of view, if a user submits data through a GET method, the data is stored in the QUERY_STRING environment variable, and the data submitted by the Post method can be obtained from the standard input stream.

HTTP replies are similar to HTTP requests, and HTTP responses are made up of 3 parts, namely:

L Protocol Status Version Code description

L Response Header (Response header)

L Response Body

The following is an example of an HTTP response:

http/1.1 OK

Server:apache tomcat/5.0.12

date:mon,6oct2003 13:23:42 GMT

content-length:112

<title>http Response Example <title>

<body>

Hello http!

</body>

The Protocol status code describes the first line of the HTTP response similar to the first line of the HTTP request, which indicates that the protocol used by the HTTP1.1 server has successfully processed the client-issued request (200 indicates success):

http/1.1 OK
The response header (Response header) also contains many useful information, such as server type, datetime, content type, and length, as well as the request header:

Server:apache tomcat/5.0.12

date:mon,6oct2003 13:13:33 GMT

Content-type:text/html

last-moified:mon,6 OCT 2003 13:23:42 GMT

content-length:112

The response body response body is the HTML page returned by the server:

<title>http Response Example <title>

<body>

Hello http!

</body>

The response header and the body must also be separated by a blank line.

L HTTP Answer code

An HTTP answer code, also known as a status code, reflects the state of the Web server processing HTTP requests. The HTTP answer code consists of 3 digits, with the first number defining the type of the answer code:

1xx-Information Class (information), which indicates receipt of a Web browser request, is being further processed

2xx-Success Class (successful), which indicates that user requests are received correctly, understood and processed for example: OK

The 3xx-redirect Class (redirection) indicates that the request was unsuccessful and the customer must take further action.

4xx-Client error, which indicates that the client submitted a request with an error such as: 404 Not

Found means that the document referenced in the request does not exist.

5xx-Server error indicates that the server was unable to complete the processing of the request: 500

For our web developers, mastering HTTP answer codes can help improve the efficiency and accuracy of Web application debugging.

Secure connection

One of the most common uses of Web applications is e-commerce, which allows people to shop online using Web server-side programs, and it's important to point out that by default, sending information over the Internet is unsafe, and that if someone happens to intercept a message that you sent to a friend, he can open it. Imagine having your credit card number in it, and how bad it can be, fortunately, many Web servers and Web browsers have the ability to create secure connections so they can communicate securely.

The most common standard for providing secure connections over the Internet is the Secure Sockets Layer (secure Sockets layer,ssl) protocol. The SSL protocol is an application-layer protocol (like HTTP) that is used to securely exchange data on the Web and SSL uses a public key-encoding system. In essence, this means that each party in the business has a public and a private key. When a party encodes a public key using the other party, only the person with the matching key can decode it. In short, public key encoding provides a secure way to exchange data between two parties, after the SSL connection is established, both the client and the server exchange the public key and validate it before the business contact, and once both keys are authenticated, the data can be exchanged securely.

//----------------------------------------------------------------------------------------------

Meaning of the HTTP protocol status code

Number meaning
-----------------------------------------
"Continue":
"101": Witching Protocols
"$": OK
"201": Created
"202": Accepted
"203": non-authoritative information
"204": No Content
"205": Reset Content
"206": Partial Content
"Multiple": Choices
"301": Moved Permanently
"302": Found
"303": See other
"304": Not Modified
"305": Use Proxy
"307": Temporary Redirect
"$": Bad Request
"401": Unauthorized
"402": Payment Required
"403": Forbidden
"404": Not Found
"405": Method not allowed
"406": not acceptable
"407": Proxy authentication Required
"408": Request time-out
"409": Conflict
"410": Gone
"411": Length Required
"412": Precondition Failed
"413": Request Entity Too Large
"414": Request-uri Too Large
"415": Unsupported Media Type
"416": Requested range not satisfiable
"417": Expectation Failed
"$": Internal Server Error
"501": Not implemented
"502": Bad Gateway
"503": Service unavailable
"504": Gateway time-out
"505": HTTP Version not supported

HTTP Communication principle