HTTP
(HyperText Transfer Protocol) is the most widely used network protocol on the Internet. It is formulated and released by the World Wide Web Consortium.
1. Introduction
There are five major features of HTTP protocol:
1. Support client/server model. (This is also called a feature?)
2. Simple and fast: When a client requests a service from the server, it only needs to transmit the request method and path.
3. Flexible: HTTP allows the transmission of any type of data object. The type being transmitted is marked by the Content-Type (Content-Type is the identifier used to indicate the content type in the HTTP packet). (Hypertext protocol)
4. No connection: The meaning of no connection is to limit each connection to only process one request. After the server has processed the client's request and received the client's response, it will disconnect. In this way, transmission time can be saved. (This is the early 1.0, not anymore, now there are so many things on the web page, it is definitely not appropriate to disconnect after processing)
5. Stateless: Stateless means that the protocol has no memory capacity for transaction processing, and the server does not know what the client is. status. That is, after we send an HTTP request to the server, the server will send us data according to the request, but after sending it, no information will be recorded (Cookie and Session are born).
Two HTTP request message structure
Blank line is required
HTTP request example The
above is POST, and GET request has no request body (also called request body).
Three HTTP response messages
The difference between HTTP response example
Http request method Get and Post
- GET is generally used to obtain or query resource information, which means that it is idempotent (multiple requests to the same URL return the same result) and safe (the state of the resource is not modified)
- POST is generally used to update resource information and is neither safe nor idempotent.
Parameter storage location
- In the GET method, the client adds the data to be sent to the back of the URL (that is, puts the data in the HTTP protocol header, GET requests the data through the URL), uses the "?" connection, and uses the "&" connection between the parameters. Note: There is no restriction on the length of the URL in the HTTP protocol, but the browser and server will restrict it! (URL length restrictions are often asked during interviews, so you must understand that this is not stipulated in the agreement!)
- POST puts the data that needs to be transferred into the body of the HTTP request message (again, the protocol does not limit the size of this part), but the amount of data transferred is larger and more secure than GET (if the data is not encrypted) , Can be obtained using packet capture software).
Four connections
Strictly speaking, HTTP has no connection, and its bottom layer is TCP, so the connection here refers to TCP, which is a request/response, so there is no long connection, short connection.
HTTP 1.1 was popularized as early as 1999, so now the browser will carry a parameter in the request header when requesting: Connection: keep-alive, which means that the browser requires a long connection with the server, and the server can also set whether it is willing Establish a long connection. If it is close, it means it has been closed.
1. Long and short connection
Whether to disconnect or not, we need to distinguish the HTTP version:
(1) In the HTTP/1.0 version, after the client and the server complete a request/response, the previously established TCP connection will be disconnected, and the next time the request is made It is necessary to re-establish a TCP connection, which is also called a short connection.
(2) Only half a year after the release of HTTP1.0 (January 1997), the HTTP/1.1 version was released and brought a new function:
between the client and the server After completing a request/response, the TCP connection is allowed not to be disconnected, which means that the TCP connection will be used directly in the next request without re-shaking hands to establish a new connection. This is also called a long connection.
2.
Advantages and disadvantages of long connections For the server to establish a long connection has advantages and disadvantages:
Advantages:
When there are a large number of static resources (pictures, css, js, etc.) in the website, the long connection can be opened, and several pictures can be passed at once. TCP connection sending.
Disadvantages:
When the client requests one time, it is not requesting, but the server is running a long connection and the resources are occupied, which is a serious waste of resources.
So whether to open the long connection, the long connection time needs to be set reasonably according to the website itself.
ps: Don’t underestimate this TCP connection. In a complete client HTTP request (DNS addressing, TCP connection establishment, request, waiting, web page resolution, TCP connection disconnection), the time it takes to establish a TCP connection is still very large. big.
Five cookies and session
Because of the "stateless" nature of the HTTP protocol, cookies will close the connection after the request is completed, and exchange data again requires a new connection to be established, and the session cannot be tracked. Cookie technology is a solution for the client. The special information sent by the server to the client is stored in the response header. This information is stored in the client as a text file and is carried by the client every time it sends a request to the server. It is stored in the header of the request.
When the client makes a request to the server, if the server wants to record the user information, it will send a response with a cookie, and the client will keep the cookie. When the client needs to request again, the request URL and cookie information will be packaged and sent to On the server side, the server can then respond according to the cookie recognition status (and can also be modified). All in all, Cookie is a user identification mark, which is stored on the client side!
Session
Session is another mechanism to record the state of the client. The difference is that the Cookie is stored in the client browser, while the Session is stored in the server. When the client browser visits, the server records the client information on the server in some form.
Six HTTPS = HTTP + encryption + authentication + integrity protection
After understanding the characteristics of HTTP, what can not be ignored is its shortcomings. The communication uses plain text (not encrypted), and the content may be monitored. So the introduction of HTTPS is actually adding a layer of SSL (TLS) protocol between TCP and HTTP for encryption and decryption.