Shulou(Shulou.com)06/02 Report--

1. What's the difference between http1.0 and 1.1?

Http1.0: each request / response establishes and closes a connection, which is slow.

Http1.1: multiple responses or requests can be transmitted in the same tcp connection. Http1.1 also enables persistent connections by default.

Second, client request.

Version numbers of GET / HTTP/1.1 # actions and http protocols

Host: address of the host accessed by the www.test.com:8088 # client

Connection: keep-alive # persistent connection

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,p_w_picpath/webp,*/*;q=0.8 # data types that can be parsed by the current browser

Upgrade-Insecure-Requests: 1

User-Agent: information such as operating system and browser of Mozilla/5.0 (Macintosh; Intel Mac OS X 10 / 11 / 6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36 # client.

Accept-Encoding: gzip, deflate, sdch # browsers are used to tell the server the types of encodings they support.

Accept-Language: the current language information of the zh-CN,zh;q=0.8 # browser.

The client request header is roughly divided into four parts:

Request first line; # request path protocol and version by request method, for example: GET / index.html HTTP/1.1

Request header information; # request header name: request header content, that is, in key:value format, for example: Host:localhost

Blank line; # used to separate from the request body

Request body. # GET does not have a request body, only POST has a request body.

GET request

Characteristics

The default request method for http is get.

The get request does not have any request body.

A get request, the size must be within 1k.

The content of the get request is exposed in the address bar.

The operation that generates the get request:

Enter a URL in the browser's address bar, which must be a get request.

Click on a link on the page and it will also be a get request.

Submit the form, which is get by default, and can be set to post.

The following is the request header information generated when a browser visits Baidu search:

Accept:text/html,application/xhtml+xml,application/xml;q=0.9,p_w_picpath/webp,*/*;q=0.8

# the browser is used to tell the server the type of document that can be parsed here. In fact, it contains * / *, which means anything can be received.

Accept-Encoding:gzip, deflate, sdch

# supported compression format. When the data is transmitted on the network, it is possible that the server will compress the data and then send it.

Accept-Language:zh-CN,zh;q=0.8

# the languages currently supported by the client, which can be found in the browser's tool options

Cache-Control:max-age=0

Connection:keep-alive

# browsers tell the server how to support long links and keep them for a period of time. Default is 3000ms

Cookie:BAIDUID=7AD83D51481D0BE4DB3250B5273A7A01:FG=1; BIDUPSID=7AD83D51481D0BE4DB3250B5273A7A01; PSTM=1483207633; BCLID=599596736169088288

# since this is not the first time to access this address, the Cookie sent in the last server response will be sent in the request; the name of this Cookie is BAIDUUID,FG,BIDUPSID.PSTM,BCLID.

# if you don't understand cookie, you can first think of cookie as a dictionary in which multiple sets of key-value pairs can be placed.

BDSFRCVID=B9_sJeCGQG04CSbZK5LXuyRgDeKKnW7TH6aP2rQCi3AO4CkVJ2uIEG0Ptf8g0KubaKiaogKK0gOTH65P; H_BDCLCKID_SF=tJAD_CtatD-3ejrnhCTVMt_e2x7-2D62aKD***3n-hcqEp3hQT0MLptVW44tWtntMGrMKn5cWbrRMUbSj4QmDRDuLUue3x4J0K3paDoaWl5nhMJmb67JDMP0-xQia4oy523ion3vQpP-MftuD6-ajjO0DG8sKC62atoLBRjOMJnqD6rnhPF3QJT3KP6-3MbI3b4J5MOtyqkh8hRG2q5JQ-LUyUTUth47JD6Totol0bI5EqAmLPR4y6D0ytoxJpOJ5JbMopvaKJjvjJjvbURvD--g3-Aqtl8EtJAD_CtatD-3ejrnhCTVMt_e2x7-2D62aKDs5DT7When hcqEp3hQT0MLptVW44tWpvtMGrMKn5cWbrRMUbSj4QmDRDuLUue3x4J0K3paDoaWl5nMJmb67JDMP0MaixQia4oy523ion3vQpPmurMftun5jHj0DNt83e; BD_CK_SAM=1; PSINO=1; BD_UPN=123253; Hacks PS645ECcards c485lXcS% 2F7FBtERrH33% 2FHldUI6NyBW8PijQ% 2F% 2F54A475m4RucmVSSJDxBgBgBg BDORZ=B490B5EBF6F3CD402E515D22BCDA1598; BDSVRTM=0; BD_HOME=0;

Host:www.baidu.com

Upgrade-Insecure-Requests:1

User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10 / 11 / 6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36

Referer: http://www.baidu.com

# attention! The referer tag will only be generated after it is connected through other url. For example, if you click on the link here on Baidu, then Referer: http://www.baidu.com; if you enter the address directly in the address bar of the browser, then there is no Referer request header.

2.post request.

Features:

The requested data does not appear in the address bar. Parameters submitted to the server are put into the request body. )

There is no upper limit to the size of the data.

There is a request body.

When encountered in Chinese, url coding will be used.

Explain what url coding is here.

We all know that the transmission of parameters in Http protocol is in the form of "key=value". If you want to pass multiple parameters, you need to split the key-value pair with the "&" symbol. Such as "? name1=value1&name2=value2", so that when the server receives such a string, it splits each parameter with "&" and then splits the parameter value with "=".

For "name1=value1&name2=value2", let's talk about the client-to-server conceptual parsing process:

The above string is expressed in ASCII on the computer as:

6E616D6531 3D 76616C756531 26 6E616D6532 3D 76616C756532 .

6E616D6531:name1

3DVR =

76616C756531:value1

26RV &

6E616D6532:name2

3DVR =

76616C756532:value2

After receiving the data, the server can traverse the byte stream, first eating byte by byte. When eating the byte 3D, the server knows that the byte before eating represents a key, and then think about it. If you encounter 26, it means that the value of the previous key from the 3D to the 26 sub-section just eaten, and so on, the parameters passed by the client can be parsed.

Now there is a question of what to do if my parameter value contains a special character such as = or &.

For example, "name1=value1", where the value of value1 is a "va&lu=e1" string, then it will actually become "name1=va&lu=e1" during transmission. Our intention is that there is only one key-value pair, but the server parses into two key-value pairs, which makes it strange.

How to solve the ambiguity caused by the above problems? The solution is to encode the parameters with URL.

URL coding simply adds% in front of each byte of a special character. For example, we encode the above strange characters with the result of URL encoding: "name1=va%26lu%3D", so that the server will treat the byte immediately after "%" as a normal byte, but will not regard it as a separator for each parameter or key-value pair.

Speaking of post requests, add the tags of two request headers:

Content-Type: application/x-www-form-urlencoded: the data type of the form, indicating that the data is encoded in url format; url-encoded data is prefixed with "%" followed by a two-bit hexadecimal.

Content-Length:13: the length of the request body, which represents 13 bytes.

Third, the response head of the server.

The response header that the server replies to the client is roughly divided into three parts.

Response header message, blank line, response body.

Request URL: http://127.0.0.1:8090/login/

# url requested by the client

Request Method:GET

# actions requested by the client

Status Code:200 OK

# status code returned to the client

Remote Address:127.0.0.1:8090

Response Headers

View source

Content-Type:text/html; charset=utf-8

# what is the data type that the server currently replies to the client, as well as character encoding

Date:Wed, 26 Oct 2016 06:48:50 GMT

# response time

Server:WSGIServer/0.2 CPython/3.5.2

# Server type

X-Frame-Options:SAMEORIGIN

# response body

Request URL: http://127.0.0.1:8090/login/

Request Method:GET

Status Code:200 OK

Remote Address:127.0.0.1:8090

Response Headers

View source

Content-Type:text/html; charset=utf-8

Date:Wed, 26 Oct 2016 06:48:50 GMT

Server:WSGIServer/0.2 CPython/3.5.2

X-Frame-Options:SAMEORIGIN

Title

User name:

HTTP/1.1 200OK: the response protocol is HTTP1.1, and the status code is 200, indicating that the request was successful. OK is the interpretation of the status code.

Server:WSGIServer/0.2 CPython/3.5.2: version information of the server

Content-Type: text/html;charset=UTF-8: the code used by the responder is UTF-8

Content-Length: 724: the response body is 724 bytes

Set-Cookie: JSESSIONID=C97E2B4C55553EAB46079A4F263435A4; Path=/hello: Cookie that responds to the client

Date: Wed, 25 Sep 2012 04:15:03 GMT: response time, which may have a time zone difference of 8 hours

A small addition to the status code:

These status codes are too common. I won't explain too much here, but I will mainly talk about 302 and 304.

When the response code is 302, the server asks the browser to send another request, and the server sends a response header Location, which specifies the URL address of the new request.

Suppose, for the first time, a user requests a resource file, such as a html file, from the server through a browser.

When the server replies, it will add a Last-Modified response header, which indicates the last modification time of the html file, and the browser will record the contents of the html file, as well as the final response time.

When the user requests the html file for the second time, an IF-Modified-since request header is included in the request header. The corresponding value of this request header is the value that the server sends to the client through the Last-Modified response message when the request is made to the server for the first time, that is, the last modification time of the resource file to be requested by the browser.

The If-Modified-Since request header is telling the server whether the last modification time of the file cached by the browser here is equal to that of the file on the server side. If it is equal, then the server will directly return 304 and there will be no need to respond to the contents of the file, and the browser will directly display the contents of the cache.

The server will get the If-Modified- If-Modified- value and compare it with the last modification time of the file cached by the browser. If it is the same, the server will send a response code of 304, indicating that the index.html is the same as the last cache of the browser, and there is no need to send it again. The browser can display its own cache page. If the comparison is different, then the index.html has been modified and the server will respond.

The following is an illustration:

Fourth, some misunderstandings about http protocol should be corrected.

Http is a stateless protocol without any memory ability. Once the browser opens the web page sent by the server, there is no connection between the browser and the server.

In fact, the shopping cart functions of many online shopping malls need to record these information with the help of Cookie or Session or server-side API, and submit these information to the server when requesting the server to settle the page.

When you log on to a website, your login status is also "remembered" by Cookie or Session, because the server does not know whether you log in or not.

At this point, one might ask, since http is a stateless protocol, what the heck is the persistent connection?

In a word, stateless doesn't mean HTTP can't maintain a TCP connection!

Starting from HTTP/1.1, Keep-Alive is enabled by default and keeps the connection feature. To put it simply, when a web page is opened, the TCP connection used to transmit HTTP data between the client and the server will not be closed. If the client visits the web page on the server again, it will continue to use this established connection.

Keep-Alive does not stay connected permanently, it has a hold time, which can be set in different server software (such as Apache).

Fifth, some other common response heads are added.

These headers cause the browser not to cache.

Expires:-1

Cache-Control: no-cache

Pragma: no-cache

With refresh function, automatically jump to http://www.baidu.com after 3 seconds.

# Refresh#: time; url= http://www.baidu.com

These response headers can be customized in html!

You can use it in a HTMl page to specify a response header, for example, in an index.html page, indicating that the browser will only display the index.html page for 3 seconds and then automatically jump to http://www.baidu.com.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.