On the stateless nature of HTTP

HTTP is the abbreviation of Hyper Text Transfer protocol, as the name suggests, this protocol supports hypertext transmission. So what is hypertext? The plain thing is to use HTML to write pages. Typically, we use the client browser to access the server's resources, and the most common URLs are files with HTML suffixes. Therefore, we can say that hypertext is the most important resource on the network.

Since the purpose of the HTTP protocol is to support the transfer of hypertext, and more broadly to support the transfer of resources, then in the client browser to send a request to the HTTP server, and then the HTTP server to send the appropriate resources back to the client in such a process, whether for the client or server, There is no need to record this process, because each request and response is relatively independent, as if you were in front of the vending machine to drop a coin to buy a product, no one would have to remember such a transaction. In general, a URL corresponds to a unique hypertext, and the HTTP server is absolutely impartial, whether you are Michael, or Jordon, it will be based on the received URL request returned the same hypertext. It is because of this uniqueness that the recording of the user's behavior becomes meaningless, so the HTTP protocol is designed to be a stateless connection protocol that conforms to its own needs.

However, over time, it was found that static HTML was boring and tedious, and adding dynamically generated content would make Web applications more useful. As a then, the syntax of HTML is expanding, the most important thing is to add the form, the client also increased the functions such as script processing, DOM processing, etc. for the server, the corresponding CGI (Common Gateway Interface) to process dynamic requests that include form submissions. After the advent of such a client-server dynamic Interactive Web application, HTTP stateless features seriously impede the implementation of these applications, after all, the interaction needs to be connected, the simple shopping cart program also need to know what the user in the end of the choice of goods. As a result, two techniques for maintaining the state of the HTTP connection come into being, one is a cookie, and the other is session.

A cookie is a solution that maintains state through the client. By definition, a cookie is a special information sent by the server to the client, which is stored as a text file on the client, and then the client takes these special messages each time it sends a request to the server. Let's be more specific: When a user uses a browser to access a Web site that supports cookies, the user provides personal information, including the user name, and submits it to the server, and then the server sends back the personal information when it returns the corresponding hypertext to the client, Of course, this information is not stored in the HTTP responder (Response body), but is stored in the HTTP response header (Response header), and when the client browser receives a response from the server, the browser stores the information in a unified location. For the Windows operating system, we can find the stored cookie from the system disk]:/documents and settings/[username]/cookies directory, and since then, when the client sends a request to the server, will send the corresponding cookie back to the server again. This time, the cookie information is stored in the HTTP request header.
With a technology implementation such as cookies, the server, after receiving a request from a client browser, is able to dynamically generate content that corresponds to the client by analyzing the cookie that is stored in the request header to obtain the client-specific information. Usually, we can see the "Please remember Me" option from the login interface of many Web sites, and if you check it and then log in, you will not need to do repetitive and cumbersome logon actions the next time you visit the site, and this function is implemented through cookies.

A solution relative to a cookie is session, which is maintained by the server. Since the term session contains a lot of semantics, it is necessary to clarify the meaning of the session here. First of all, we usually translate sessions into conversations, so we can call the action of a series of interactions between the client browser and the server a session. From this semantics, we'll mention the duration of the session, what we did during the sessions, and so on, and secondly, the session refers to the storage space that the server is opening up for the client, where the information saved is used to keep the state. Starting from this semantics, we will refer to what is stored in the session, how to get the matching content from the session according to the key value, and so on.
To use the session, the first step is of course to create a session. So when will the session be created? It is, of course, created in the process of running a server-side program, where applications implemented in different languages have different methods of creating sessions, and in Java it is created by calling HttpServletRequest's GetSession method (using True as a parameter). While the session is created, the server generates a unique sessions ID for that session, which is used in subsequent requests to regain the sessions that have been created; You can invoke session-related methods to add content to the session, which will only be stored in the server, only the sessions ID sent to the client, and when the client sends the request again, it will take this one. Once the server receives the request, it finds the corresponding session based on the sessions ID, which is used again. Formal such a process, the user's state can be maintained. More about the session, I will continue to talk about it later in the post.

        to sum up, HTTP itself is a stateless connection protocol, in order to support the interaction between the client and the server, we need to through different technologies for the interactive storage State, And these different technologies are cookies and session.