Let's talk about Http Request, Http Response, and requestresponse.
Talk about Http Request and Http Response
Preface: I recently helped my friends get the mall. for basic development, there are basically various post and get types. Sometimes the server sends post and get data to our server, sometimes we need our own servers to send data between various post and get requests on the server through json or xml. Let's summarize the http-related requests and response today. Let's start with the following questions.
===== Start of the body ========
1. What are HTTP requests and HTTP Response?
We usually open the browser, Enter the URL, and click Enter. Then the desired webpage is displayed in front of us. But how does this process work?
In simple terms:
(1) When we press Enter, the browser willSend a message to the server where the website is locatedThis process is called HTTP Request, and the Request is named response, that is, the browser wants to send the Request to the serverSend a request.
(2) After receiving a message sent by the browser, the server can process the message according to the content of the browser, and thenThe message is sent back to the browser.This process is called HTTP Response. The Response is called Response, which means the server responds to the browser's Request.
(3) After the browser receives the server's Response information, it will process the information and display it to us.
The above three processes are actuallyA dialogue between two programs,OrA dialogue between two processes,One program is a browser calledClient or ClientIs used to send requests. Another program is a Web server, which can be apache, and so on. It is used to make corresponding Response for users' requests, calledServer or Server.
In addition to a browser, the Client can also be a program written by ourselves. In this way, we need to write code in the program to complete the above operations: send Request --> receive Response information --> analyze Response information for processing.
Note: For example, if we have a website, we need to interact with a third-party website server, such as a server. If our own website sends a Request to the server, the server returns the Response information, our website is the client, while the server is the server. If the server sends Resquest to our website and our server replies to the Response server, our website is the server, the server is the client.In short, communication between two processes.
After understanding the above process, another problem arises: how can the Client and Server transmit data between each other to identify the information transmitted between each other? Therefore, we need to follow the rules for transmitting information between them.HTTP protocol,ThereforeHTTPRequest andHTTPResponse.
The HTTP Protocol is called Hyper Text Transfer Protocol. Currently, there are three major versions: HTTP/0.9, HTTP/1.0, and HTTP/1.1, if you are interested, you can check the http protocol history. Here we need to pay attention to the fact that both the Client and Server follow the HTTP protocol for Request and Response, and if we want to analyze the data, it is necessary to know what the data format of communication between each other looks like. Please refer to the following question.
2. What is the data format of HTTP Request and HTTP Response?
(1) HTTP Request data format
It consists of three parts:
1) HTTP Request Method, URI, Protocol Version
This part is located in the first line of the HTTP Request, including the HTTP Request Method, URI, and Protocol Version. For example,Get.test.html HTTP/1.1Indicates that the HTTP Request Method is the GET Method, the URI is/test. htlm, And the HTTP protocol version is 1.1.
2) HTTP Request Headers:
The Request header information includes the encoding information, Request client type, and other information.
3) HTTP Request Body:
This part contains the subject information of the Request, which is separated by one line from the HTTP Request Header.
(2) HTTP Response Data Format
Similar to the HTTP Request data format, it also contains three pieces of information.
1) Protocol/Version, Status Code, Description
2) HTTP Response Headers
3) HTTP Response Body
You can use Chrome to press F12 to view the data, or use cUrl or wireshak to view the data. You can also write a program to obtain information and understand the HTTP Request and HTTP Response data formats, more impressive.
3. Why do we need a Session?
The client and server communicate with each other through HTTP Request and HTTP Response, and parse the data according to the HTTP Request and HTTP Response data formats. However, there is another problem, that is, HTTP is a stateless protocol. That is to say, each time the client sends a Request to the server, the server considers it a new Request and cannot record the client information, this situation will cause many problems. For example, if we log on to a website, if we need to access other pages, after we click the link, the server will consider it as a new user, if the user information needs to be verified on this page, the client needs to re-enter the login information, resulting in many problems.
How can this problem be solved? It is through Session.
The server generates unique information for the client to be accessed. The Session is stored in the Session, and the Session is on the server. It can be stored in the memory of the server or in the file system, it can also be stored in the server database. Session management is also worth pondering.
It is not enough to have a Session, because each access to the client is a new Request. Therefore, you must include the client information in the Request information to compare it with the Session on the server, to determine if it is the same client. Therefore, Session Tracking is required to correctly identify the client.
4. How to perform Session Tracking?
The Request information contains client information. There are three methods:
1) Cookies
Stored on the client, each cookie is associated with a unique SessionID. When the client sends a Request, this information is sent in one piece, then, the server can compare the Cookie information with the Session information to determine whether the client's Request is the first Request;
The Cookie contains the expiration time information. If the Cookie expires, the server will regard it as the first Request, which requires the user to log on;
Cookies can contain other sensitive information and are stored on the client. Therefore, there may be risks. If you think about Cookies, you will naturally have to bear certain risks;
To avoid the risk of Cookies, many browsers can disable Cookies;
After cookies are disabled, some websites cannot log on. For example, if cookies are disabled in the browser, they cannot log on.
2) URL Rewriting
If you want to identify the Request when the client disables the Cookie, you can use the URL Rewriting method to include a piece of information in the URL, this information can only correspond to the corresponding Session, so that the specific Session can be determined after the URL is uploaded to the server. Through URL Rewriting, you do not need to store Cookies on the client. The information associated with a specific Session is directly transmitted back and forth through the URL.
If the URL Rewriting method is used, if we save a URL as a tag and then open the tag later, the Session will be prompted to expire because the Session has a certain period of time, the server deletes the corresponding Session information to save resources.
3) use the Form tag of the Hidden type
In addition to the above two methods, you can also use the form tag of the hidden type, such as <input type = "hidden "... /> This method has two disadvantages: one is that we can see some information, or even some sensitive information, through the HTML source code; the other is to distinguish different users, this method can only be used in dynamic web pages. For pure HTML, there is no way.