Cookies

Cookies

 It's time for cookies!

 

It is always favorable for websites to keep track of their visitors so that they can either restrict their usage or deliver content according to their previous search history. Here the role of "Cookies" come into play which are defines in ' RFC 6265 '. As HTTP is a stateless protocol, cookies create a user session layer on top HTTP.

Cookie technology has four components:

1. A cookie header line in HTTP request message.
2. A cookie header line in HTTP response message.
3. A cookie file managed by user's browser.
4. A backend database at the website. 

Cookie Mechanism: 
                         

• Suppose Mr X is visiting flipkart.com for the first time.
•  When the flipkart server receives the request it assigns an unique identification number to Mr X and makes an entry in its backend database which is indexed by the identification number.
•  Then the flipkart server sends an HTTP response message which includes " Set-cookie: " header containing the identification number. 
• When Mr X's browser receives the response it interprets the set-cookie header and appends the data to the special cookie file it maintains.
• The data includes hostname of the server and the identification number.
• Every time Mr X's computer wants to send a request to flipkart server, the browser adds the " Cookie: " header in its request HTTP message.
• The server performs a lookup for Mr.X's ID and delivers content accordingly.
• This is how the flipkart server keeps a track of Mr.X's activity at the site.
• Although the site does not have Mr. X's name, it does know what he has been browsing and at what times!
• Now if Mr.X registers by providing his full name, credit-card details, location(address) then the server can associate all this information with the ID. (The site now has a lot of information about Mr.X !!)

Although cookies simplify internet usage they can be controversial !!

 

$$$$$$$

HTTP-Hyper Text Transfer Protocol

HTTP

Hyper Text Transfer Protocol

HTTP stands for Hyper Text Transfer Protocol. It is an application layer protocol implemented in client program and server program. The client and the server communicate with each other by exchanging messages which define how clients request webpages and how the server transfers them.

HTTP uses TCP (Transmission Control Protocol) as its underlying transport layer protocol. The HTTP client first initiates a TCP connection with the server and is now ready to exchange messages and data.

HTTP is a stateless protocol i.e. if a client asks for the same webpage twice in period of few seconds then the server does not say that it had just serviced the request few seconds ago, instead it responds with the same object.

HTTP Request Message:

 

 The above images show the general format of an HTTP request message sent by a client to a server. First we see that every line is separated by a ' cr ' i.e. carriage return and a ' lf ' i.e line feed. Carriage return moves the cursor to the beginning of a line and the line feed moves the cursor to a new line. Both of these combined move the cursor to the beginning of a new line. Here ' sp ' stands for 'space'. The response as well as request messages are written in ASCII text which enables humans to read them too. As you can see the first line is called a request line and the subsequent lines are called header lines. The entity body is often empty with GET method but when POST method is used, it consists of the data to be sent when a form is filled out. The method field can use various values like GET, POST, HEAD, PUT, DELETE etc. Majority of requests use GET method i.e. the the requested object is specified in URL itself. For eg ' xyz.com/somefolder/someimage.jpg '. Here the main object which is an image is specified in URL itself.Hence GET method can be used here. The version specifies the protocol version eg. HTTP/1.1. The host header specifies the server name in which the object resides. The Accept-Language header specifies the language in which the page is displayed as the same page can be stored in different languages.The Accept-Encoding header is used for negotiating content encoding. The User-Agent specifies the browser and its version. The Content-Length specifies the size in bytes.

You must have observed that many forms use GET instead of POST and include the inputted data in the URL itself. For eg. if a form has two input fields and the inputs are 'monkeys' and 'bananas' then the URL would be somewhat like:
' www.somesite.com/animalsearch?monkeys&bananas '  

HTTP Response Message:

The status line has three fields version, status code, status message. The Date header specifies the date and time when the request was serviced. The Last-Modified header specifies when the requested object was last modified. The ETag HTTP response header is an identifier for a specific version of a resource. The Connection header specifies that the TCP connection can be closed after the data is sent successfully. Content-Type specifies the type or format of requested file. Message Body consists of the actual file which was requested. 


$$$$$$$$$$$$$$$