Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status...
Transcript of Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status...
![Page 1: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/1.jpg)
Tehnologii Web
Web programming (I): HTTP, cookies, sessions
i.red
d.it
/1p
d8s
12l4
md
01.jp
g
Dr. Sabin Corneliu Buraga – profs.info.uaic.ro/~busaco/
![Page 2: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/2.jpg)
“There are 2 ways to write error-free programs; only the third one works.”
Alan Perlis
![Page 3: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/3.jpg)
What is the Web?
![Page 4: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/4.jpg)
World Wide Web
an information space containing elements (things) of interest, called resources,
denoted by global identifiers – URI/IRI
details at www.w3.org/TR/webarch/W3C Recommendation (2004)
![Page 5: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/5.jpg)
Web resources
Aspects of interest
identification
interaction
representation by using data formats
![Page 6: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/6.jpg)
Web resources
Aspects of interest
identification
interaction
representation by using data formats
URI/IRIprotocol:
HTTP
markup language(s)
![Page 7: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/7.jpg)
How about the interaction between client(s) and Web server(s)?
![Page 8: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/8.jpg)
HTTP
HyperText Transfer Protocol
based on TCP/IP stack
![Page 9: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/9.jpg)
HTTP
situated on the application layer
access control to the data transmission medium (MAC – Medium Access Control)
network interconnection + data routing(IP – Internet Protocol)
reliable transport via sockets(TCP – Transmission Control Protocol)
hypertext/hypermedia transfer(HTTP – HyperText Transfer Protocol)
![Page 10: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/10.jpg)
HTTP
HyperText Transfer Protocol
a reliable request/response protocol
standard access port: 80
![Page 11: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/11.jpg)
HTTP
HTTP/1.1
Internet standard: RFC 2616 (1999)
from 2014, defined by RFC 7230—7235
www.w3.org/Protocols/
devdocs.io/http/
tutorial: www.code-maze.com/http-series/
![Page 12: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/12.jpg)
HTTP
HTTP/2.0
RFC 7540 (2015)
focused on performance
http2.github.io
![Page 13: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/13.jpg)
HTTP
HTTP/2.0
binary messages
TCP connection reuse (a single connection per host)
multiplexing (many parallel streams)
header compression – HPACK
sending messages to the client (server push)
implementations: github.com/http2/http2-spec/wiki/Implementations
![Page 14: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/14.jpg)
HTTP/2
HTTP/1.1
resources of interest:http2-explained.haxx.se
www.tunetheweb.com/blog/http-versus-https-versus-http2/
![Page 15: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/15.jpg)
HTTP
HTTP/3.0
next generation Web protocolHTTP over QUIC – quicwg.org
uses QUIC (Quick UDP Internet Connections)proposed by Google, currently under standardization by
IETF (Internet Engineering Task Force)
other details: http3-explained.haxx.se
advanced
![Page 16: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/16.jpg)
HTTP: architecture
Web Server
daemon – “protective spirit”
Web Client
browser, Web bot (crawler), player,…
![Page 17: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/17.jpg)
HTTP: architecture
Web ServerApache, Internet Information Services, Lighttpd, NGINX,…
Web ClientMosaicNetscapeMozillaFirefox,
Internet Explorer, Chromium, wget, iTunes, Echofon, etc.
details in “Web browser’s architecture” presentation:profs.info.uaic.ro/~busaco/teach/courses/cliw/web-film.html#week5
![Page 18: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/18.jpg)
HTTP
Request and responseaccessing – possibly, changing – a resource
representation by using its URI
Web Server
Web Client
request
response
![Page 19: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/19.jpg)
HTTP: concepts
Message
base unit of the HTTP communication(request or response)
![Page 20: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/20.jpg)
HTTP: concepts
Intermediary
proxygatewaytunnel
![Page 21: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/21.jpg)
HTTP: concepts
Proxylocated in the client/server proximity
having the role of both server and client
Web Server
Web Client p
rox
y
![Page 22: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/22.jpg)
HTTP: concepts
Proxy
forward proxyintermediary for a group of clients
acts on behalf of clients
reverse proxyintermediary for a group of servers
advanced
![Page 23: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/23.jpg)
HTTP: concepts
Gatewayintermediary hiding the target (origin) server
the client has no knowledge about this
Web Gate-way
Web Client
Web Server
Web Server
![Page 24: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/24.jpg)
HTTP: concepts
Gateway
can assure: traffic distribution across servers – load balancing
short-term data storage – cachingmessage or request translation (e.g., HTTPSHTTP)
other negotiation operations – role of mediator/broker
advanced
![Page 25: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/25.jpg)
HTTP: concepts
Gateway
open source software: Apache Traffic Server – trafficserver.apache.org
HAProxy – www.haproxy.org
Squid – www.squid-cache.org
Varnish – varnish-cache.org
in cloud: Amazon ELB (Elastic Load Balancing)aws.amazon.com/elasticloadbalancing/
advanced
![Page 26: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/26.jpg)
HTTP: concepts
Tunnel
retransmits – usually, encrypted – HTTP messages
![Page 27: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/27.jpg)
HTTP: concepts
Tunnel
retransmits – usually, encrypted – HTTP messages
context: HTTPS protocol – to assure a “secure” HTTP communication via TLS (Transport Layer Security)
authentication based on digital certificates+ bidirectional data encryption
a visual tutorial at howhttps.works
![Page 28: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/28.jpg)
HTTP: concepts
Details about a HTTPS
connection offered by the
browser
advanced
used encryption
information about
the digital
certificate
![Page 29: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/29.jpg)
HTTP: concepts
Cache
local storage area – in memory, on a disc –for the messages (data)
server- and/or client-side
![Page 30: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/30.jpg)
HTTP: concepts
Cache
local storage area – in memory, on a disc –for the messages (data)
future requests for that data can be served faster
context: ensuring Web applications’ performance
![Page 31: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/31.jpg)
HTTP: messages
HTTP message = header + body
![Page 32: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/32.jpg)
HTTP: messages
Header
includes a set of fields
field-name ":" [ field-value ] CRLF
CR = Carriage Return \r – code 13
LF = Line Feed \n – code 10
![Page 33: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/33.jpg)
HTTP: messages
HTTP request
Method Request-URI ProtocolVersion CRLF
[ Message-header ] [ CRLF MIME-data ]
GET /~busaco/teach/courses/web/ HTTP/1.1 CRLF
Host: profs.info.uaic.ro
![Page 34: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/34.jpg)
HTTP: messages
HTTP response
HTTP-version Digit Digit Digit Reason
CRLF Content
HTTP/1.1 200 OK CRLF …
![Page 35: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/35.jpg)
HTTP: methods
GET
request – performed by a client – to access a resource representation
![Page 36: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/36.jpg)
HTTP: methods
GET
request – performed by a client – to access a resource representation
HTML document, CSS stylesheet, image in PNG or JPEG format, vector illustration as SVG,
JavaScript program, data in JSON (JavaScript Object Notation) format, RSS (XML) news feed,PDF presentation, ZIP archive, video, …
![Page 37: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/37.jpg)
HTTP: methods
HEAD
similar to GETusually, offers only meta-data
![Page 38: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/38.jpg)
HTTP: methods
HEAD
similar to GETusually, offers only meta-data
e.g., MIME type of a resource, last update,…
![Page 39: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/39.jpg)
HTTP: methods
PUT
updates a resource representation or, possibly, creates a resource on the Web server
details in the lecture regarding Web services
![Page 40: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/40.jpg)
HTTP: methods
POST
creates a resource, usually sending entities (data, actions) to the server
![Page 41: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/41.jpg)
HTTP: methods
POST
creates a resource, usually sending entities (data, actions) to the server
e.g., data entered into a Web form’ fields
![Page 42: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/42.jpg)
HTTP: methods
DELETE
erases a resource – its representation –from the server
![Page 43: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/43.jpg)
HTTP: methods
Remark
traditionally, the Web browser only permits the use of GET and POST methods
![Page 44: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/44.jpg)
HTTP: methods
A method is considered safeif it does not modify the server state
i.e. no side-effect actions are performed on the server
GET and HEAD are safe
POST, PUT and DELETE are not safe
advanced
![Page 45: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/45.jpg)
HTTP: methods
A method is considered idempotent when it can be called many times without different outcomes,returning the same response (representation)
GET, HEAD, PUT and DELETE are idempotent
POST is not idempotent
advanced
![Page 46: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/46.jpg)
HTTP: resource representations
Character set encodings
ISO-8859-1ISO-8859-2
KOI8-RISO-2022-JP
UTF-8UTF-16 Little Endian
…
![Page 47: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/47.jpg)
HTTP: resource representations
Message (content) encodings
compression, identity and/or integrity
traditional approach: gzip – www.gzip.org
modern approach: Brotli – tools.ietf.org/html/rfc7932
![Page 48: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/48.jpg)
HTTP: resource representations
Representation formats
textHTML, CSS, plain text, JavaScript code, XML document
or
binaryimage, PDF document, multimedia resource, archive
![Page 49: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/49.jpg)
HTTP: resource representations
Resource’s content type
media types
![Page 50: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/50.jpg)
HTTP: header fields (attributes)
Content-Type
permits the transfer of any kind of data
Content-Type: type/subtype
![Page 51: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/51.jpg)
HTTP: header fields (attributes)
Content-Type
specified by Media Types – MIME(Multipurpose Internet Mail Extensions)
denotes a set of primary content types+ additional sub-types
initially, used in the e-mail context
![Page 52: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/52.jpg)
HTTP: header fields (attributes)
Primary types
text indicates textual formats
text/plain – unformatted texttext/html – HTML document
text/css – CSS (Cascading Style Sheets) resource
![Page 53: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/53.jpg)
HTTP: header fields (attributes)
Primary types
image specifies graphical formats
image/gif – GIF (Graphics Interchange Format) imagesimage/jpeg – JPEG (Joint Picture Experts Group) photosimage/png – PNG (Portable Network Graphics) pictures
image/webp – WebP (Web Picture Format) imagesimage/svg+xml – SVG (Scalable Vector Graphics) illustrations
![Page 54: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/54.jpg)
HTTP: header fields (attributes)
Primary types
audio denotes audio content
audio/mpeg – resource encoded in MP3 formatspecification for audio data according to the MPEG (MotionPicture Experts Group) standard – tools.ietf.org/html/rfc3003
audio/ac3 – compressed audio resourceconforming to AC-3 standard – www.atsc.org/standards/
![Page 55: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/55.jpg)
HTTP: header fields (attributes)
Primary types
video defines video content: animations, films
video/h264 – resource in H.264 formatwww.itu.int/rec/T-REC-H.264
video/ogg – content encoded in OGG open formatwww.xiph.org/ogg/
![Page 56: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/56.jpg)
HTTP: header fields (attributes)
Primary types
application signifies formats that can be processed by applications on the client-side
application/javascript – JavaScript programapplication/json – JSON data
application/octet-stream – stream of arbitrary bytes
![Page 57: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/57.jpg)
HTTP: header fields (attributes)
Primary types
multipart used to transfer composed data
multipart/mixed – mixed contentmultipart/alternative – alternative contents
e.g., different qualities of multimedia streams
![Page 58: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/58.jpg)
N. Freed et al., Media Types (13 February 2020)
www.iana.org/assignments/media-types/media-types.xhtml
calendar+json application/calendar+json Calendar in JSON format
csv text/csv CSV data
opus audio/opus Opus audio resource
msword application/msword Word (MS Office) document
tiff image/tiff Image in TIFF format
vnd.rar application/vnd.rar Proprietary format
VP8 video/VP8 Video format VP8: RFC 7741
zip application/zip ZIP archive
![Page 59: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/59.jpg)
HTTP: header fields (attributes)
Location
Location ":" "http(s)://" authority [ ":" port ] [ abs_path ]
redirects the client to another resource representation(HTTP redirect)
Location: http://somewhere.info:8080/moved.html
![Page 60: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/60.jpg)
HTTP: header fields (attributes)
Referer
denotes the URI of a Web resource that refers to the current resource
used to know the source of the requests to a given document (back-links) for analytics, logging, caching,…
![Page 61: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/61.jpg)
HTTP: header fields (attributes)
Host
specifies the target address – IP or symbolic domain – of the machine supposed to provide
a requested resource
![Page 62: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/62.jpg)
HTTP: header fields (attributes)
Other existing fields concern the following:
accepted content (content negociation) – e.g., Accept
authentication & authorization – WWW-Authenticate Authorization
conditional access to resources – If-Match, If-Modified-Since,…caching policies – Cache-Control, Expires, ETag, etc.proxy – Proxy-Authenticate, Proxy-Authorization, Via
HTTP push – Topic, TTL, Urgency
…and otherswww.iana.org/assignments/message-headers/message-headers.xhtml
advanced
![Page 63: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/63.jpg)
HTTP: status
Informational (1xx)
100 Continue, 101 Switching Protocols, 102 Processing
switching protocolhere, from HTTP to WebSocket (RFC 6455)
![Page 64: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/64.jpg)
HTTP: status
Success (2xx)
200 Ok, 201 Created, 202 Accepted,204 No Content, 206 Partial Content,…
OPTIONS – method to determine server capabilities or requirements for a resource
![Page 65: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/65.jpg)
HTTP: status
Redirection (3xx)
300 Multiple Choices, 301 Moved Permanently, 302 Found,303 See Other, 304 Not Modified, 305 Use Proxy etc.
![Page 66: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/66.jpg)
HTTP: status
Client Error (4xx)
400 Bad Request, 401 Unauthorized, 403 Forbidden,
405 Method Not Allowed, 408 Request Timeout, 410 Gone,
414 Request-URI Too Long, 415 Unsupported Media Type,
423 Locked, 429 Too Many Requests,…
![Page 67: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/67.jpg)
HTTP: status
Server Error (5xx)
500 Internal Server Error, 502 Bad Gateway,
503 Service Unavailable, 504 Gateway Timeout,
505 HTTP Version Not Supported, 508 Loop Detected,…
![Page 68: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/68.jpg)
HTTP: starea
Cloudflare offers content distribution services, ensuring performance and security of Web applications and has a role of reverse proxy, being located between the user’s
Web browser and the site hosted on the target Web server
advanced
![Page 69: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/69.jpg)
HTTP: logging
Requests sent to a Web server are logged
Common Log Format
standardized text file format
for Apache HTTP Server: mod_log_config module
httpd.apache.org/docs/current/logs.html
![Page 70: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/70.jpg)
w10.uaic.ro - msi2018 [13/Feb/2019:14:53:14 +0200] "GET /~vidrascu/MasterSI2/note/Restanta.pdf HTTP/1.1" 206 25227 "http://profs.info.uaic.ro/~vidrascu/MasterSI2/index.html" "...Chrome/72.0.3626.109"
82-137-8-231.rdsnet.ro - - [13/Feb/2019:15:38:23 +0200] "POST /~computernetworks/login.php HTTP/1.1" 302 1115 "http://profs.info.uaic.ro/~computernetworks/login.php" "...X11; Ubuntu; Linux x86_64 ... Firefox/65.0"
ec2-23-21-0-202.compute-1.amazonaws.com - - [13/Feb/2018:15:48:29 +0200] "GET /~busaco/teach/courses/web/presentations/web01ArhitecturaWeb.pdf HTTP/1.1" 200 2081804 "-" "HTTP_Request2/2.3.0 (http://pear.php.net/package/http_request2)..."
199.16.156.126 - - [13/Feb/2018:15:58:58 +0200] "GET /robots.txt HTTP/1.1" 404 182 "-" "Twitterbot/1.0"
psihologie-c-113.psih.uaic.ro - - [13/Feb/2019:16:03:04 +0200] "GET /~busaco/ HTTP/1.1" 200 1942 "-" "... Firefox/64.0..."
psihologie-c-113.psih.uaic.ro - - [13/Feb/2019:16:03:04 +0200] "GET /~busaco/csb.css HTTP/1.1" 200 852 "http://profs.info.uaic.ro/~busaco/" "... Firefox/64.0..."
proxy-220-255-2-224.singnet.com.sg - - [13/Feb/2019:16:23:23 +0200] "GET /favicon.ico HTTP/1.1" 200 1406 "-" "...UCBrowser/11.3.8.976..."
c2.uaic.ro - - [13/Feb/2018:16:33:43 +0200]"GET /~busaco/teach/courses/web/ HTTP/1.1" 304 - "-" "...Chrome/72.0.3626.109..."
220.181.51.219 - - [13/Feb/2019:19:20:20 +0200] "HEAD /%7Ebusaco/music/09.Sabin%20Buraga%20-...mp3 HTTP/1.0" 200 - "-" "NSPlayer/10.0.0.4072 WMFSDK/10.0"
![Page 71: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/71.jpg)
HTTP: example of a request
GET /~busaco/teach/courses/web/web-film.html HTTP/1.1
Host: profs.info.uaic.ro
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 12_1
like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko)
Version/12.0 Mobile/15E148 Safari/604.1
Accept: text/html,application/xhtml+xml;q=0.9,*/*;q=0.8
Accept-Language: en-us, en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: https://profs.info.uaic.ro/~busaco/teach/courses/web/
![Page 72: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/72.jpg)
con
ten
t
header fields(meta-data)
HTTP: example of a response
HTTP/1.1 200 OK
Date: Tue, 18 Feb 2020 12:28:01 GMT
Server: Apache
Last-Modified: Tue, 18 Feb 2020 07:46:02 GMT
Content-Encoding: gzip
Content-Length: 11064
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"
lang="ro" xml:lang="ro">
…
</html>
![Page 73: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/73.jpg)
avansat
eventually, data regarding
client authentication may be
provided
online inspection of HTTP messages
through the httpbin.org Web application
![Page 74: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/74.jpg)
X fields are not
standardized
GET /services/feeds/photos_public.gne?tags=FII,Iasi
Host: www.flickr.com
…
HTTP/2 200 OK
Content-Type: application/atom+xml; charset=utf-8
Date: Mon, 17 Feb 2020 06:48:49 GMT
Server: Apache/2.4.41 (Ubuntu)
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-modified: Sun, 02 Nov 2014 06:58:25 GMT
Cache-control: private, no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: SAMEORIGIN
X-Cache: Miss from cloudfront
Via: 1.1 46d5c1a4d1e3a5c8a14bdb9b6676ba11.cloudfront.net (CloudFront)
X-Firefox-Spdy: h2
expires in the past
(won’t be kept in cache)
data in Atom format
(processed by the
client)
obtaining information about public pictures offered by Flickr
advanced
![Page 75: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/75.jpg)
HTTP: logging – HAR format
The interaction between the browser and the Web server (requests + responses) can be stored in HAR files (HTTP
ARchive)
JSON based formatwww.softwareishard.com/blog/har-12-spec/
example: gist.github.com/igrigorik/3495174
advanced
![Page 76: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/76.jpg)
HTTP: logging – HAR format
The interaction between the browser and the Web server (requests + responses) can be stored in HAR files (HTTP
ARchive)
main purpose: analyzing Web traffic
important aspect: performance
consult httparchive.org
advanced
![Page 77: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/77.jpg)
HTTP: APIs (libraries)
advanced
cURL + libcurl(C, Java, Haskell, .NET, PHP, Ruby,…) – curl.haxx.se
Apache HttpComponents (Java) – hc.apache.org
http.client (Python 3)
Hyper (Rust library): github.com/hyperium/hyper
LibHTTP (C library): www.libhttp.org
WinHTTP(specific for Windows: C/C++) – tinyurl.com/6eemqqc
![Page 78: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/78.jpg)
HTTP: client-side tools
advanced
Google Chrome Developer Toolsdevelopers.google.com/web/tools/chrome-devtools/
Firefox Developer Toolsdeveloper.mozilla.org/docs/Tools
Fiddler – free Web debugging proxywww.telerik.com/fiddler
![Page 79: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/79.jpg)
advanced
inspecting HTTP requests made by the browser
![Page 80: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/80.jpg)
(instead of) break
cookie stealinggeekshumor.com/cookie-stealing/
![Page 81: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/81.jpg)
How about the Web server’s architecture?
![Page 82: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/82.jpg)
HTTP: Web server
Fulfills multiple requests from the clients using the HTTP protocol
![Page 83: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/83.jpg)
HTTP: Web server
Fulfills multiple requests from the clients using the HTTP protocol
each request is considered independent from others, even though it comes from the same Web client
connection state is not kept – stateless
![Page 84: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/84.jpg)
HTTP: Web server
Traditionally, the Web server implementation
is either pre-forked or pre-threaded
on initialization, a number of child processes or threads are created, each process/thread interacting to
a distinct client
see the supplement (in
Romanian) regarding Apache
HTTP Server
![Page 85: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/85.jpg)
How can we develop the back-end of Web applications?
![Page 86: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/86.jpg)
necessity
Dynamic generation – on the server –of representations of resources
requested by clients
![Page 87: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/87.jpg)
solutions
CGI – Common Gateway Interface
Web application servers
Web frameworks
![Page 88: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/88.jpg)
solution: cgi
Language-independent programming interfacefacilitating the interaction between clients and
programs invoked on the Web server
de facto standard
RFC 3875 – tools.ietf.org/html/rfc3875
www.w3.org/CGI/
![Page 89: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/89.jpg)
cgi
A CGI program (script) is invoked on server
directly
i.e., retrieving data from a Web form after the submit button is pressed
![Page 90: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/90.jpg)
cgi
A CGI program (script) is invoked on server
indirectly
example: at each visit a new ad (e.g., banner) is generated
![Page 91: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/91.jpg)
cgi
CGI scripts can be written in any language available on the server
interpreted languagesbash, Perl – e.g., Perl::CGI module –, Python, Ruby,...
compiled languagesC, C++, Rust, etc.
![Page 92: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/92.jpg)
cgi: programming
Any CGI program will write data – the representation of a Web resource –
at standard output (stdout)
![Page 93: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/93.jpg)
cgi: programming
To denote the type of the generated representation, HTTP headers are used – MIME (Media Types)
example: Content-type: text/html
![Page 94: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/94.jpg)
cgi: programming
Interaction between the client and Web server
Web Server
Web Client
request
response
script
invo-cation
![Page 95: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/95.jpg)
cgi: variables
A CGI script has access to environment variables
associated to the request sent to the CGI program:
REQUEST_METHOD – HTTP method (GET, POST,…)QUERY_STRING – data transmitted to the clientREMOTE_HOST, REMOTE_ADDR – client address
CONTENT_TYPE – content type as MIME (Media Type)CONTENT_LENGTH – content length in bytes
![Page 96: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/96.jpg)
cgi: variables
Additional variablesusually, generated by the Web server:
HTTP_ACCEPT – MIME types accepted by client (browser)HTTP_COOKIE – data about cookiesHTTP_HOST – information regarding the host (client)HTTP_USER_AGENT – information about the client
…and others
![Page 97: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/97.jpg)
a result received by Web client after the invocation via GET on Web server
of variabile.cgi script(having read & execution rights)
#!/bin/bash# Setting the content typeecho "Content-type: text/plain"; echo
# Executing 'set' command in Linux# to show environment variablesset
![Page 98: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/98.jpg)
/* hello.c
(compile with gcc hello.c –o hello.cgi) */
#include <stdio.h>
int main() {
int msgs; /* number of messages */
printf ("Content-type: text/html\n\n");
for (msgs = 0; msgs < 10; msgs++) {
printf ("<p>Hello, world!</p>");
}
return 0;
}
#!/usr/bin/python
# hello.py.cgi
print "Content-type: text/html\n"
for messages in range (0, 10):
print "<p>Hello, world!</p>"
#!/bin/bash
# hello.sh.cgi
echo "Content-type: text/html"
echo
MESSAGES=0
while [ $MESSAGES -lt 10 ]
do
echo "<p>Hello, world!</p>"
let MESSAGES=MESSAGES+1
done
CGI programs written in C, bash, Python generating the same HTML content
advanced
![Page 99: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/99.jpg)
cgi: invocare
the client – i.e. browser – receives as response the representation – here, HTML page –
generated by the CGI program invoked by the Web server
this representation is processed and, eventually, displayed in a (zone of a) browser window
![Page 100: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/100.jpg)
cgi: invocare
by experimenting other MIME types, the browser displays the following:
Content-type: text/plain Content-type: text/xml
![Page 101: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/101.jpg)
cgi: invocation
<form action="http://profs.info.uaic.ro/~.../get-max.cgi"method="GET">
<p>Enter two numbers :<input type="text" name="no1" /> <input type="text" name="no2" /> </p><input type="submit" value="Compute maximum" />
</form>
invocation from an interactive Web formin this case, using the GET method
![Page 102: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/102.jpg)
cgi: invocation
special URL in GET case
![Page 103: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/103.jpg)
cgi: invocation
For each form field, a field_name=value pair – delimited by & – is generated and added to the URL
of the CGI script to be invoked on server
http://profs.info.uaic.ro/~busaco/cgi/get-max.cgi?no1=7&no2=4
![Page 104: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/104.jpg)
cgi: invocation
Real-life examples:
http://usabilitygeek.com/?s=web+design
https://www.youtube.com/watch?v=elfSzMATcB4#t=45
https://twitter.com/search?q=web%20development&src=typd
https://developer.mozilla.org/search?q=ajax&topic=apps
this URL is encoded – URL encoding
see first lecture
![Page 105: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/105.jpg)
cgi: invocation
The server will invoke a CGI script passing the data at standard input (stdin)
orvia environment variables
![Page 106: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/106.jpg)
cgi: invocation
Data processing when GET method is used
data available in QUERY_STRING variable
![Page 107: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/107.jpg)
cgi: invocation
Data processing when POST method is used
data read from stdin, the length in bytes being specified by CONTENT_LENGTH variable
![Page 108: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/108.jpg)
cgi: invocation
Data processing – GET and/or POST
in case of application servers or frameworks, data is encapsulated into specific structures/types
ASP.NET (C# et. al) – HttpRequest classNode.js (JavaScript) – http.ClientRequest
PHP – associative arrays: $_GET[] $_POST[] $_REQUEST[]
Play (Java, Scala) – play.api.mvc.Request
Python – clasa cgi.FieldStorage
advanced
![Page 109: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/109.jpg)
GET vs. POST
GET method is used to generate the representations of the requested resources
e.g., HTML documents, JPEG or PNG images, Atom/RSS news feeds, ZIP archives, etc.
the server state should not be modified
![Page 110: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/110.jpg)
GET vs. POST
GET method is used to generate the representations of the requested resources
obtaining data with GET, the user can set a bookmark for further accesses to the Web resource
(by using the URL of the generated representation)
e.g., https://duckduckgo.com/?q=web+programming&ia=videos
![Page 111: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/111.jpg)
GET vs. POST
POST method is used when the data transmitted to the server is large (e.g., upload of file content)
or sensitive – typically, passwords
![Page 112: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/112.jpg)
GET vs. POST
POST method is used when the data transmitted to the server is large (e.g., upload of file content)
or sensitive – typically, passwords
plus, when the script invocation can produce a state change on the server:
adding a record, altering a file,...
![Page 113: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/113.jpg)
cgi: support
Web server should support CGI script invocation
example: Apache HTTP Server provides the mod_cgi module
advanced
![Page 114: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/114.jpg)
cgi: ssi
CGI scripts could be directly invoked from a HTML document via SSI (Server Side Includes)
www.ssi-developer.net/ssi/
Apache: httpd.apache.org/docs/trunk/howto/ssi.html
NGINX: nginx.org/en/docs/http/ngx_http_ssi_module.html
advanced
![Page 115: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/115.jpg)
cgi: fastcgi
FastCGIan alternative to CGI focused on performance
implementations:Apache HTTP Server – httpd.apache.org/mod_fcgid/
NGINX – nginx.org/en/docs/http/ngx_http_fastcgi_module.html
advanced
![Page 116: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/116.jpg)
How about a manner to – temporarily – store on front-end (browser) the data transmitted by the
back-end of Web application?
![Page 117: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/117.jpg)
cookies
A script running on a Web server can put data on the client-computer via the user’s Web browser
subsequently, the navigator will return that data to the same script available on the same server
also consult Cookiepedia: cookiepedia.co.uk
![Page 118: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/118.jpg)
cookies
A (quasi-)persistent way to store data on the machine of a Web client in order to be
further accessed by a program running on a server
developer.mozilla.org/docs/Web/HTTP/Cookies
![Page 119: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/119.jpg)
cookies: usages
Storing user preferences
typical examples: options regarding interaction – visual theme
(e.g., chromatics), lingual preferences,geographical location, interests on shopping
…
![Page 120: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/120.jpg)
cookies: usages
Automatic form completion
using previously entered values for certain fields
![Page 121: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/121.jpg)
cookies: usages
Monitoring the access to a Web resource
aspect of interest:Web analytics
collecting information about clients(hardware platform, browser, screen resolution, etc.)
![Page 122: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/122.jpg)
cookies: usages
Monitoring the access to a Web resource
aspect of interest:user tracking
monitoring the user’s behaviorDo Not Track initiative
www.eff.org/issues/do-not-track
![Page 123: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/123.jpg)
cookies: usages
Storing authentication info
e.g., keeping data about the user account in the e-commerce context
![Page 124: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/124.jpg)
cookies: usages
Transaction status
e.g., current state of the virtual shopping cart provided by an e-shop application
![Page 125: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/125.jpg)
cookies: usages
Web session management
![Page 126: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/126.jpg)
cookies: types
Persistent cookies
not destroyed when Web browser closes
kept into a file – client-side
time-to-live set by the cookie creator
![Page 127: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/127.jpg)
cookies: types
Non-persistent (volatile) cookies
disappear when the browser is closed
![Page 128: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/128.jpg)
cookies
a cookie can be considered as a variable
its value is transferred via HTTP between the Web server (back-end application)
and the client (browser)
the size of a cookie cannot exceed 4KB
![Page 129: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/129.jpg)
cookies
A cookie can be considered as a variable
name=value
the value is an URL encoded string
![Page 130: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/130.jpg)
cookies
Data about a cookie is received by the browser
a list of cookies for each server (domain)
![Page 131: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/131.jpg)
cookies
A cookie is sent to a client by using the Set-Cookie
header field of a HTTP response message
![Page 132: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/132.jpg)
cookies
Set-Cookie: name=value; expires=date; path=path;
domain=Internet-domain; secure
![Page 133: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/133.jpg)
cookies
Set-Cookie: name=value; expires=date; path=path;
domain=Internet-domain; secure
expires – indicates date and time when cookie will expire (the Web client should destroy expired cookies)
![Page 134: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/134.jpg)
cookies
Set-Cookie: name=value; expires=date; path=path;
domain=Internet-domain; secure
domain – signifies the symbolic name of the Web server that generated the cookie
![Page 135: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/135.jpg)
cookies
Set-Cookie: name=value; expires=date; path=path;
domain=Internet-domain; secure
path – specifies a subset of URLs from the cookie’s domain
distinguishes multiple applications existing on the same server
![Page 136: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/136.jpg)
cookies
Set-Cookie: name=value; expires=date; path=path;
domain=Internet-domain; secure
secure – indicates that cookie will be sent back to the server only if the communication channel is “secure”
(via HTTPS)
![Page 137: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/137.jpg)
cookie-uriinspect cookies stored by the
Web browser for each domain
httpOnly: true
indicates that the value of a cookie can be obtained only from a data transfer through
HTTP
the cookie cannot be accessed by a program executed on
client side (browser)www.owasp.org/index.php/HttpOnly
advanced
![Page 138: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/138.jpg)
cookies
A cookie is transmitted back from the client to the Web server only if it satisfies
all validity conditions
domain, path, expire date & time, and communication channel security are matching
![Page 139: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/139.jpg)
cookies
the server will receive, in the headerof a HTTP request message, the following:
Cookie: name1=value1; name2=value2...
the list of cookies which satisfy the validity conditions
![Page 140: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/140.jpg)
cookies
A script invocation consists of returning a representation + placing various cookies
Web Server
Web Client
HTTP requestscript invocation
HTTP responseSet-Cookie: color=green
Script
![Page 141: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/141.jpg)
cookies
Cookies – persistent or not –are processed and stored by the browser
Web Server
Web Client
Script
color=
green
persistent cookies are stored in files or databases (SQLite)
![Page 142: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/142.jpg)
cookies
Next access to the script is made by transmitting the cookies to the server
according to the validity conditions
Web Server
Web Client
Script
color=
green HTTP requestCookie: color=green
HTTP response
![Page 143: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/143.jpg)
cookies: consulting
Cookies reside in the header field of a HTTP message
HTTP_COOKIE
![Page 144: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/144.jpg)
cookies: expiration
To remove a cookie, the value and time are canceled
eventually, the other attributes of the cookie
![Page 145: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/145.jpg)
cookies
Other information of interest is available in RFC 6265
HTTP State Management Mechanism
tools.ietf.org/html/rfc6265
![Page 146: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/146.jpg)
How can we identify successive requests expressed by the same client instance?
👽👽👽👽👽
![Page 147: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/147.jpg)
HTTP is stateless protocol
cannot tell if specific successive requests are received from the same client
(from the same instance of a Web browser)
![Page 148: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/148.jpg)
necessity
Preserving certain data for a sequence of relatedHTTP messages (requests/responses)
examples: shopping cart status
multi-step Web formscontent pagination
user authentication stateetc.
![Page 149: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/149.jpg)
sessions
Each visitor of a Website will have associated an unique identifier – session ID (SID)
stored by a cookie(e.g., ASP.NET_SessionId, PHPSESSID, session-id, _wp_session)
orpropagated via an URL
![Page 150: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/150.jpg)
sessions
Each visitor of a Website will have associated an unique identifier – session ID (SID)
in this way, consecutive visits (requests) made by the same user can be identified
![Page 151: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/151.jpg)
sesiuniWeb client (browser)Web server
(daemon)
HTTP request
data taken from the formname=Tuxy
HTTP response setting a cookie
Set-Cookie: sid=7343
HTTP request + session cookie
GET /profile HTTP/1.1
Cookie: sid=7343
HTTP response (profile page)
HTTP/1.1 200 OK
…
<p>Hi, Tuxy! Welcome back!</p>
establishing a Web session using a cookie
⓵
⓶
⓷
⓸
![Page 152: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/152.jpg)
sessions
Various variables could be attached to a session
their values will be kept (stored) between consecutive – e.g., related – requests from the same instance
of a Web client (browser)
![Page 153: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/153.jpg)
sessions
A session could be implicitly (automatically) or explicitly (manually, by programmer) registered,
depending on the Web application server or the default configuration
![Page 154: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/154.jpg)
sessions
A session could be implicitly (automatically) or explicitly (manually, by programmer) registered,
depending on the Web application server or the default configuration
Web session info is persistently stored on the server by using non-relational database systems – e.g., DynamoDB,
Memcached, Redis,… – or, in most cases, files
advanced
![Page 155: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/155.jpg)
POST / HTTP/1.1
Accept: text/html,application/xhtml+xml,
application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en,en-GB;q=0.5
Connection: keep-alive
Cookie: language=en_US
Host: mail.info.uaic.ro
Referer: http://mail.info.uaic.ro/?_task=login
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 … Gecko/20100101 Firefox/51.0
user authentication by using POST method(already existing cookies are transmitted)
![Page 156: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/156.jpg)
sesiuni: exemplificare
HTTP/1.1 302 Found
Cache-Control: private, no-cache, no-store, must-revalidate…
Connection: Keep-Alive
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Thu, 23 Feb 2017 10:25:44 GMT
Keep-Alive: timeout=5, max=100
Last-Modified: Thu, 23 Feb 2017 10:25:44 GMT
Location: ./?_task=mail&_token=cb1924…c9c97819
Server: Apache/2.4.6 (CentOS) mod_fcgid/2.3.9 PHP/5.4.16
Set-Cookie: roundcube_sessid=vnqrt4…2uv2; path=/; HttpOnly
roundcube_sessauth=S92ee64…2c71; path=/; HttpOnly
<!DOCTYPE html>
…
HTTP response a Web session-related cookie is set
redirection after
authentication
![Page 157: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/157.jpg)
sessions: programming
In the case of CGI, session management must be entirely implemented by the programmer
there is no standard way for Web session processing
advanced
![Page 158: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/158.jpg)
alternatives
Web Storage
browser-level storage for lists of key—value pairs via sessionStorage and localStorage attributes
see HTML Living Standard (14 feb. 2020) specificationhtml.spec.whatwg.org/multipage/webstorage.html
for details, studyprofs.info.uaic.ro/~busaco/teach/courses/staw/web-film.html#week10
advanced
![Page 159: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/159.jpg)
“conclusion”
⥁from HTTP to cookies and Web sessions
many thanks to Ciprian Amariei, MSc.
![Page 160: Tehnologii Webandrei.panu/lectures/EN_web...here, from HTTP to WebSocket (RFC 6455) HTTP: status Success (2xx) 200 Ok, 201 Created, 202 Accepted, 204 No Content, 206 Partial Content,…](https://reader033.fdocuments.in/reader033/viewer/2022050107/5f457657fbb1f00ea15cf460/html5/thumbnails/160.jpg)
next episode: Web programmingWeb application servers, Web application architecture
brow-ser
presen-tation
pro-cessing
data access
<Web/> pages
HTML, CSS,…
fat serverdumb client
frontend backend