Shulou(Shulou.com)06/01 Report--

This article mainly explains "what are the basic knowledge of HTTP protocol". Interested friends may wish to have a look. The method introduced in this paper is simple, fast and practical. Let's let the editor take you to learn the basics of HTTP protocol.

How HTTP works

1. The user performs an operation through the browser, such as entering the URL and entering the enter, or clicking on the link, and then the browser gets the event. two。 The browser sends a TCP connection request to the server. 3. The service program accepts the connection request from the browser and establishes the connection through the TCP three-way handshake. 4. The browser packages the request data into a packet in HTTP protocol format. 5. The browser pushes the packet into the network, and the data packet is transmitted through the network, and finally reaches the end service program. 6. After getting the data packet, the server program also unpacks the packet in HTTP protocol format to obtain the intention of the client. 7. Process it after knowing the client's intention, such as providing a static file or calling a server program to get dynamic results. 8. The server packages the response results (which may be HTML or pictures, etc.) according to the HTTP protocol format. 9. The server pushes the response packet into the network, and the packet is transmitted through the network and finally reaches the browser. 10. After the browser gets the packet, it unpacks it in the format of the HTTP protocol, and then parses the data, assuming that the data here is HTML. 11. The browser displays the HTML file on the page. So what do the Tomcat and Jetty that we want to explore as a HTTP server do in the process? The main steps are to accept the connection, parse the request data, process the request and send the response. Please note that there may be thousands of browsers requesting the same HTTP server at the same time, so Tomcat and Jetty tend to parallelize several things they have to do in order to improve the ability and concurrency of the service, specifically using multi-threading technology.

Tomcat takes the following steps: accepting the connection, parsing the request data, processing the request and sending the response. I will summarize the HTTP protocol more specifically in the network protocol classification later.

Cookie and Session

A characteristic of HTTP protocol is stateless, and there is no relationship between request and request. Cookie is a request header of HTTP messages. Web applications can store user identification information or other information (user name, etc.) in Cookie. After the user is authenticated, the Cookie is included in each HTTP request message so that the server reads the Cookie request header to know who the user is. A Cookie is essentially a file stored locally by the user, which contains the information that needs to be transmitted in each request.

Because Cookie is stored locally in clear text, and Cookie often contains user information, this causes great security risks. Session can be understood as the storage space opened up by the server, in which the user's state is saved, and the user information is stored in the server in the form of Session. When the user request arrives, the server can correspond the user's request to the user's Session. The browser populates the Cookie with a field such as Session ID to identify the request. The specific working process is as follows: when the server creates a Session, it will generate a unique Session ID for the Session. When the browser sends the request again, it will bring the Session ID with it. After receiving the request, the server will find the corresponding Session according to the Session ID. After finding the Session, you can get or add content in the Session. The content will only be saved in the server, and only sent to the client Session ID, which is relatively secure and saves network traffic, because there is no need to store a large amount of user information in Cookie. Session is created in the process of running server-side programs, and applications implemented in different languages have different ways to create Session. In Java, it is created by a Web container, such as Tomcat, when a Web application calls the getSession method of HttpServletRequest. Tomcat's Session manager provides a variety of persistence solutions to store Session, usually using high-performance storage methods, such as Redis, and through cluster deployment to prevent a single point of failure, thereby improving high availability. At the same time, Session has expiration time, so Tomcat will start regular polling by background threads, and if the Session expires, the Session will be invalidated.

Cookie cross-domain: cookie has two important attributes: domain field: this cookie;path field indicates that the browser accesses this domain name only when it accesses the domain name: it indicates that the URL accessed is this path or subpath only with this cookie. Cross-domain means that when we access two different domain names or paths, we want to bring the same cookie.

Cookie attribute:

Name field: the name of a cookie

Value field: the value of a cookie

Domain field: the domain name that can access this cookie

Path field: the page path where you can access this cookie

Size field: this cookie size

Http field: the httponly property of cookie. If this property is True, this cookie information can only be found in the http request header, and this cookie cannot be accessed through [xss_clean].

Secure field: sets whether this cookie can only be passed through https.

Expires/Max-Age field: sets the cookie timeout. If the value is set to a time, the cookie becomes invalid when that time is reached. If it is not set, the default is session, which means that cookie will fail together with session, and cookie will fail when the browser is closed (not the browser tab is closed, but the entire browser is closed).

At this point, I believe you have a deeper understanding of "what are the basic knowledge of HTTP protocol?" you might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.