Posted in Better Programming, Software Engineering

Fundamentals of HTTP Requests, Cookies and Sessions

What is HTTP?

Client Server Architecture

Hypertext Transfer Protocol (HTTP) is an application layer (layer 7 in the OSI model) protocol for transferring hypermedia (graphics, audio, plain text, hyperlinks, etc.) over the network. There are several iterations of the HTTP protocol, namely:

  • HTTP/1
  • HTTP/2
  • HTTP/3

The majority of websites use HTTP/1.1 and HTTP/2.

HTTP is a request-response based protocol for the purpose of communication in a Client-Server based architecture. HTTP commonly uses TCP (Transmission Control Protocol) underneath as its transport layer protocol to enable reliable communication.

How is HTTP stateless?

A stateless protocol is one in which the receiver does not retain any state or session information from previous requests. This means that each HTTP request is processed in isolation. IP (Internet Protocol) is another example of a stateless protocol.

On the other hand, TCP, on top of which HTTP is built, is a stateful protocol. This is because the client and server agree on

  • how much data will be transferred
  • the order in which packets are reassembled at either end

which makes TCP a very reliable transport layer protocol. Within the scope of an HTTP request, the TCP connection is stateful, thus ensuring reliable transfer of data. However, once that request is processed and a response is sent back, no information about the request is retained. To store state information, web servers use various session management techniques.

What are Sessions?

Session management is used to implement state on top of stateless HTTP. For example, if a user has logged in to a website and is authenticated, the server should not repeatedly ask for the user’s credentials with every subsequent interaction. This is accomplished by using HTTP cookies or session IDs.

HTTP Cookies

Cookies enable web browsers to store stateful information about a user session. These are chunks of data about a user’s session that are sent by the web server to a client device. The browser can store more than one cookie on the user’s device.

Although authorization cookies are essential, another type, tracking cookies, has come under much scrutiny due to privacy concerns. Tracking cookies, especially third-party tracking cookies, are used to track your browsing history, enabling behavioral advertising. Therefore, European law requires that all websites targeting European Union member states gain “informed consent” from users before storing non-essential cookies on their device. So go ahead and click no when websites prompt you to accept third-party cookies. Here’s a detailed article on third-party cookies if you are interested.

Session ID

Session IDs or tokens are typically used in HTTP-based connections to identify a user session. For example, when you are adding items to the Amazon shopping cart, the server should have a way of retaining items added to the cart even though you browse through various pages. In this case, the session ID or token is a way of keeping track of the user’s shopping cart.
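The shopping-cart case above, as an added example that is not part of the original post: each call is handled in isolation, and the only thing linking two requests is the session ID the server issued in a cookie. The cookie name `sid`, the in-memory `SESSIONS` store and the function names are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie

# Server-side session store: session ID -> cart contents.
# An in-memory dict for illustration; all names here are hypothetical.
SESSIONS = {}
COOKIE_NAME = "sid"


def _session_id_from(headers):
    """Return the session ID from the Cookie request header, or None."""
    jar = SimpleCookie()
    jar.load(headers.get("Cookie", ""))
    morsel = jar.get(COOKIE_NAME)
    return morsel.value if morsel else None


def add_to_cart(headers, item):
    """Handle one isolated request; return (response_headers, cart)."""
    sid = _session_id_from(headers)
    response_headers = {}
    # Only IDs the server itself issued are honoured. A missing or unknown
    # ID gets a fresh random one; the client's value is never adopted.
    if sid not in SESSIONS:
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        SESSIONS[sid] = []
        response_headers["Set-Cookie"] = (
            f"{COOKIE_NAME}={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"
        )
    SESSIONS[sid].append(item)
    return response_headers, list(SESSIONS[sid])


def cookie_header_from(response_headers):
    """What a browser sends back: name=value without the attributes."""
    return response_headers["Set-Cookie"].split(";", 1)[0]


if __name__ == "__main__":
    first, cart = add_to_cart({}, "book")
    print(cart)
    _, cart = add_to_cart({"Cookie": cookie_header_from(first)}, "lamp")
    print(cart)
    # A client-chosen ID is not in the store, so it starts a new session.
    reissued, cart = add_to_cart({"Cookie": "sid=client-chosen-value"}, "pen")
    print(cart, "Set-Cookie" in reissued)
```

Refusing to adopt an ID the server did not generate is what keeps a client-supplied value from becoming a valid session.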

Components of an HTTP Request

An HTTP request contains the following:

  • Request Line
  • Request Headers
  • Body

Let’s look at an example GET request.

HTTP Request Line

The request line contains the name of the HTTP method to be used. We will look at all the HTTP methods in detail in another post. In the example below, GET is the HTTP method. Following the method is the URI (Uniform Resource Identifier), which is the address used to locate a resource. The final part refers to the version of the HTTP protocol.

GET thatgirlcoder.com/ HTTP/1.1

Here’s a detailed example from inspecting the GET request in Google Chrome.

Request URL: https://thatgirlcoder.com/
Request Method: GET
Status Code: 200 
Remote Address: 100.0.00.00:111
Referrer Policy: strict-origin-when-cross-origin

HTTP headers

Headers contain metadata to provide more information about a request. In the following example, Accept and Host are headers.

:authority: thatgirlcoder.com
:method: GET
:path: /
:scheme: https
accept: text/html,application/xhtml+xml,application/xml;
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
user-agent: Mozilla/5.0 (<system-information>) <platform> (<platform-details>) <extensions>

Request Body

A request body is used alongside HTTP methods that change the state of the server, such as PUT and POST. GET requests do not have a request body section.
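The three components described in this section, as an added example that is not part of the original post: a small parser that splits a raw HTTP/1.1 request into request line, headers and body, and rejects input that does not have that shape. The sample requests are constructed, and the `/cart` path and form body are hypothetical.

```python
# Constructed sample requests; the /cart path and form body are hypothetical.
GET_REQUEST = (b"GET / HTTP/1.1\r\n"
               b"Host: thatgirlcoder.com\r\n"
               b"Accept: text/html\r\n"
               b"\r\n")
POST_REQUEST = (b"POST /cart HTTP/1.1\r\n"
                b"Host: thatgirlcoder.com\r\n"
                b"Content-Type: application/x-www-form-urlencoded\r\n"
                b"Content-Length: 9\r\n"
                b"\r\n"
                b"item=book")


def parse_request(raw):
    """Split a raw HTTP/1.1 request into request line, headers and body."""
    head, blank, rest = raw.partition(b"\r\n\r\n")
    if not blank:
        raise ValueError("header section is not terminated by a blank line")
    lines = head.decode("iso-8859-1").split("\r\n")

    # Request line: method SP request-target SP HTTP-version
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError(f"malformed request line: {lines[0]!r}")
    method, target, version = parts

    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # Reject lines without a colon or with whitespace around the name.
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        # Names are case-insensitive; in this sketch a repeated name
        # overwrites the earlier value.
        headers[name.lower()] = value.strip()

    # The body is exactly Content-Length bytes; no header means no body.
    length = headers.get("content-length", "0")
    if not length.isdigit() or int(length) > len(rest):
        raise ValueError("Content-Length does not match the bytes received")
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": rest[:int(length)]}


if __name__ == "__main__":
    for raw in (GET_REQUEST, POST_REQUEST):
        print(parse_request(raw))
```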

Components of an HTTP Response

An HTTP response contains the following:

  • Status Line
  • Response Header
  • Body

Status

An HTTP response contains a status code that indicates whether the request was completed successfully. For example:

HTTP/1.1 200 OK

Here’s a list of possible status codes and their descriptions.

Status Codes    Description
200 – 299       Successful response
100 – 199       Informational response
300 – 399       Redirect response
400 – 499       Errors on client side
500 – 599       Errors on server side

Response Header

The server also responds with some HTTP headers. A popular one is the Set-Cookie header, which the client and server use to authenticate a session.

Set-Cookie: key=fkhKFHlfhF; expires=Thur, 09-Sept-2023 12:00:00 GMT; Max-Age=4823982; Path=/; secure
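As an added example (not part of the original post), the check below parses the Set-Cookie value shown above and reports which attributes a session cookie would normally carry but this one lacks. The function names and the hardened variant are constructed for illustration.

```python
# Set-Cookie value copied from the example above.
PAGE_COOKIE = ("key=fkhKFHlfhF; expires=Thur, 09-Sept-2023 12:00:00 GMT; "
               "Max-Age=4823982; Path=/; secure")
# Constructed variant with the usual session-cookie attributes.
HARDENED_COOKIE = ("key=fkhKFHlfhF; Max-Age=4823982; Path=/; "
                   "Secure; HttpOnly; SameSite=Lax")


def parse_set_cookie(value):
    """Split a Set-Cookie value into (name, value, attributes)."""
    pair, *rest = [part.strip() for part in value.split(";")]
    name, _, cookie_value = pair.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            # Attribute names are case-insensitive, so normalise them.
            attrs[key.strip().lower()] = val.strip()
    return name, cookie_value, attrs


def audit_session_cookie(value):
    """Return findings for a cookie that identifies a session."""
    _, _, attrs = parse_set_cookie(value)
    findings = []
    if "secure" not in attrs:
        findings.append("no Secure: cookie can be sent over plain HTTP")
    if "httponly" not in attrs:
        findings.append("no HttpOnly: cookie is readable by page scripts")
    if attrs.get("samesite", "").lower() not in ("lax", "strict"):
        findings.append("SameSite is not Lax or Strict: cookie may "
                        "accompany cross-site requests")
    if "max-age" in attrs and "expires" in attrs:
        findings.append("Max-Age and Expires both set: Max-Age wins")
    return findings


if __name__ == "__main__":
    for label, cookie in (("page", PAGE_COOKIE),
                          ("hardened", HARDENED_COOKIE)):
        print(label, audit_session_cookie(cookie))
```

For the page's cookie this reports the missing HttpOnly and SameSite attributes and the Max-Age/Expires overlap; Secure is already present.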

Response Body

The body contains the content requested by the client. In the example below, we requested an HTML document.

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>That Girl Coder – Learn and Grow Everyday!</title>

I hope you learnt some basics of HTTP requests today. Let’s keep diving deeper into this topic over the next few posts!


Author:

I am a Backend Software Engineer working on Search and Ranking Infrastructure Technologies at Yelp Inc in Bay Area, California. I have a masters in Electrical and Computer Science Engineering from University of Washington, Seattle. I have been working on AI, Machine Learning, Backend Infrastructure and Search Relevance over the past several years. My website: www.thatgirlcoder.com https://www.linkedin.com/in/swethakn/
