<h1 style="color: #005b5e;">HTTP</h1>

<hr style="border-top: 1px solid #005b5e;" />

Within this notebook, we will explain the concept of <i>HTTP</i>, alongside its usage and function. HTTP is a vital protocol which is important to understand and know of when working within the realms of the internet etc.

We will also discuss what exactly a server is in this context, alongside its operations.

<h3 style="color: #005b5e;">Description</h3>

<hr style="border-top: 1px solid #005b5e;" />

HTTP or (Hyper Text Transfer Protocol), can be described as an "application layer protocol for transferring hypermedia documents", similiar to HTML.<sup><a href="#references">[1]</a></sup> This inherently means that this protocol is used to load pages using hyperlinks. This provides the main access to the internet.

The HTTP protocol is based on a <a href="https://en.wikipedia.org/wiki/Client%E2%80%93server_model">client-server model</a>, meaning each request is actually initiated by the receiver (e.g a browser). HTTP is a "stateless protocol", meaning each request is treated independently, not having any knowledge of previous requests, which follows <a href="https://restfulapi.net/">REST</a> principles.<sup><a href="#references">[2]</a></sup>

Communication is made through HTTP requests and HTTP responses, but what do they consist of?

<h3 style="color: #005b5e;">Request and Response</h3>

<hr style="border-top: 1px solid #005b5e;" />

HTTP consists of both a HTTP request (made by the client) and a HTTP response (sent by the server). Let us first breakdown and understand these individually.

<h4 style="color: #005b5e;">HTTP Request</h4>
<hr style="border-top: 1px solid #005b5e;" />

A HTTP Request is simply the way in which web browsers ask for information in which they need in order to access a website. A request is made up of the following:

<ul>
    <li style="color: #009b5e;">HTTP Version</li>
    <li style="color: #009b5e;">URL</li>
    <li style="color: #009b5e;">HTTP Request Headers</li>
    <li style="color: #009b5e;">HTTP body (Optional)</li>
    <li style="color: #009b5e;">HTTP Method <sup><a href="#references">[4]</a></sup></li>
</ul>


<p style="color: #005b5e;"><b>HTTP Version:</b> </p>The current HTTP version in use (<i>e.g. <b>HTTP/1.1</b></i>)
<p style="color: #005b5e;"><b>URL:</b> </p>The path of the document


<p style="color: #005b5e;"><b>HTTP Request Headers:</b> </p> Used to specify the context of the request, so the server can ensure information is sent in the way which is needed. We can see below examples of Request Headers (e.g <b><i>Accept-* headers</i></b>) <sup><a href="#references">[6]</a></sup>

```http
GET /home.html HTTP/1.1
Host: developer.mozilla.org
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:50.0) Gecko/20100101 Firefox/50.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://developer.mozilla.org/testpage.html
Connection: keep-alive
Upgrade-Insecure-Requests: 1
If-Modified-Since: Mon, 18 Jul 2016 02:36:04 GMT
If-None-Match: "c561c68d0ba92bbeb8b0fff2a9199f722e3a621a"
Cache-Control: max-age=0 
```

<p style="color: #005b5e;"><b>HTTP Method:</b> </p>The action in which is expected to be carried out on request.
There are many different HTTP methods, however the most common are <b>GET</b> and <b>POST</b>.
<br>

<ul>
    <li><b style="color: #009b5e;">GET :</b> Used to <i>read</i> or retrieve a resource. Resource returned may be XML or JSON</li> 
    <li ><b style="color: #009b5e;">POST :</b> Used to <i>create</i>  a resource. Sends data to the server to change its state <sup><a href="#references">[5]</a></sup></li>
</ul>

<p style="color: #005b5e;"><b>HTTP Request Body:</b> </p> The HTTP request body is where content can be sent to the server. This is most commonly found in POST requests, where a resource is created based on the data sent within the body.

<p style="color: #005b5e;"><b>Example of a HTTP POST request (table insertion) <sup><a href="#references">[8]</a></sup>:</b> </p>

```http
Accept: application/json
Authorization: Basic dGVzdHVzZXIwMTpuZXRjb29s
Content-Type: application/json
Host: localhost
Connection: keep-alive
Content-Length: 984
```

```JSON
{
	"rowset":	{
			"coldesc": [ {
					"type": "string",
					"name": "Identifier"
			}, {
					"type": "string",
					"name": "Node"
			}, {
					"type": "string",
					"name": "AlertKey"
			}, {
					"type": "integer",
					"name": "Severity"
			}, {
					"type": "string",
					"name": "Summary"
			}, {
					"type": "utc",
					"name": "FirstOccurrence"
			}, {
					"type": "utc",
					"name": "LastOccurrence"
			}, {
					"type": "integer",
					"name": "OwnerUID"
			}, {
					"type": "integer",
					"name": "OwnerGID"
			}],
			"rows":	[ {
					"FirstOccurrence": 1341412087,
					"Node": "localhost",
					"AlertKey": "JUnitEventInstance",
					"Summary": "This is a test event generated by the JUnit REST Event Tests.(1)",
					"LastOccurrence": 1341412087,
					"Identifier": "JunitEventTestInstance####1",
					"OwnerGID": 0,
					"Severity": 4,
					"OwnerUID": 0
		}]
	}
}
```

<h4 style="color: #005b5e;">HTTP Response</h4>
<hr style="border-top: 1px solid #005b5e;" />

A HTTP response is what a server responds with on receiving a HTTP request, which is then retrieved by the client. The response contains the following:

<ul>
    <li style="color: #009b5e;">HTTP Status</li>
    <li style="color: #009b5e;">HTTP Response Headers</li>
    <li style="color: #009b5e;">HTTP body (Optional) <sup><a href="#references">[4]</a></sup></li>
</ul>

<p style="color: #005b5e;"><b>HTTP Status Codes:</b> </p>HTTP Status Codes are used to determine if the result of our HTTP request was successful, and if not, why it wasn't. This is quite important for varying reasons. Responses can be broken down into the following:

<ul>
    <li style="color: #009b5e;">Informational (100-199)</li>
    <li style="color: #009b5e;">Successful (200-299)</li>
    <li style="color: #009b5e;">Redirection (300-399)</li>
    <li style="color: #009b5e;">Client Error (400-499)</li>
    <li style="color: #009b5e;">Server Error (500-599)</li>
</ul>

<u>Custom status codes specified to the server can also be sent.</u> <sup><a href="#references">[7]</a></sup>

<p style="color: #005b5e;"><b>HTTP Response Headers:</b> </p>Used to send additional information about the response, given more context than the status codes apply. This includes server information, the resource that was particularly requested, and additional resources. <sup><a href="#references">[10]</a></sup>

<p style="color: #005b5e;"><b>HTTP Response Body:</b> </p> Contains the particular response requested by the client where appropriate.

<p style="color: #005b5e;"><b>Example of a HTTP POST response (table collection) <sup><a href="#references">[9]</a></sup>:</b> </p>

```http
HTTP/1.1 201 Created
Location: http://localhost/objectserver/restapi/alerts/status/kf/12481%3ANCOMS
Cache-Control: no-cache
Server: libnhttpd
Date: Wed Jul 4 15:31:53 2012
Connection: Keep-Alive
Content-Type: application/json;charset=UTF-8
Content-Length: 304
{
	"entry":	{
		"affectedRows": 1,
		"keyField": "12481%3ANCOMS",
		"uri": "http://localhost/objectserver/restapi/alerts/status/kf/12481%3ANCOMS"
	}
}
```

<center><h4 style="color: #005b5e;"><u>Example of HTTP Request and Response</u></h4></center>
<img src="https://www3.ntu.edu.sg/home/ehchua/programming/webprogramming/images/HTTP_Steps.png"><a href="https://www3.ntu.edu.sg/home/ehchua/programming/webprogramming/images/HTTP_Steps.png"><center><b>Source</b></center></a></img>



<h2 style="color: #005b5e;;">HTTP: Server</h2>

<hr style="border-top: 1px solid #005b5e;" />

While discussing HTTP, we briefly touched upon servers in relation to HTTP. However, we haven't discussed what <i>exactly</i> a server is. Let us take a closer look to understand what being a server entails, and what its usages are.

<h3 style="color: #005b5e;;">Definition</h3>

<hr style="border-top: 1px solid #005b5e;" />

The main purpose of a server is to manage, store, receive, and send data. It exists to provide a service to other computers (clients), whether that is a singular purpose or several. <sup><a href="#references">[11]</a></sup>

For a server to function as one, it is important that it is configured to listen for requests from other computers and to respond with the appropriate information. This is the client-server model which we discussed before.

There are many different types of servers, all performing various different tasks, whether they have a single task or several depends on the type of server. These servers are as follows: <sup><a href="#references">[12]</a></sup>

<ul>
    <li ><b style="color: #008b5e;">File servers :</b> Used to store and provide file access</li>
    <li ><b style="color: #008b5e;">Print servers :</b> Used to manage and provide printing functionality. Allows for requests from numerous clients, more efficient than a printer for each client</li><br>
    <li><b style="color: #008b5e;">Application servers :</b> Used to run applications, instead of a client running an application locally. Server handles demanding applications so clients with less hardware power to use the application</li> 
    <ul>
         <li><b style="color: #009b5e;">DNS servers :</b> Converts and maps names (human-readable), to IP addressses (machine-readable). Allows for a client to retrieve the address of a system with a name</li>
        <li><b style="color: #009b5e;">Mail servers :</b> Receives and stores emails of a user until requested by the client, for the user in question. Removes the need for each client to have a continous subsystem running</li> 
    </ul><br>
    <li><b style="color: #008b5e;">Web servers :</b> Type of application server which stores programs and data in which can be requested by clients over a network (the web). Most common example of a server</li> 
    <li><b style="color: #008b5e;">Database servers :</b> Most commonly used with companies who hold vast amounts of data. Since data can take up alot of disk space, and the data needs to be retrievable by many clients simultaneously, it is important to have a database application that can store and respond to many requests from numerous clients</li><br>
    <li><b style="color: #008b5e;">Virtual servers :</b> A virtual server consists of converting a physical server into multiple virtual machines. This allows for multiple clients to use the processing power of the server. The purposes of this is to deal with dynamic workloads and to lower physical hardware costs <sup><a href="#references">[13]</a></sup></li>
    <li><b style="color: #008b5e;">Proxy servers :</b> The main purposes of a proxy server is to act as an intermediary between the client and server, mainly for security purposes. The proxy server passes requests and responses between the client and server, where they don't need to be in direct contact with one another</li>
    <li><b style="color: #008b5e;">Monitoring and management servers :</b> Listens and tracks traffic through a network, while also monitoring client requests and server responses. These servers usually don't listen for requests or handle data themselves. However, a monitoring server can respond to monitoring clients to determine the functionality of a network</li>
</ul>




<h2 style="color: #005b5e;">HTTP: Static vs Dynamic Websites <sup><a href="#references">[14]</a></sup></h2> 

<hr style="border-top: 1px solid #005b5e;" />

When it comes to websites, it is important to be able to differentiate between a dynamic website, and a static one. Although quite distinct from eachother, each of them offer their advantages and disadvantages.

<h3 style="color: #005b5e;">Static Website</h3>

<hr style="border-top: 1px solid #005b5e;" />

A <b>static website</b> is a website in which displays <u>exactly the same for any given user</u>, the website itself can only ever be changed if the files being shown are changed manually. 

A static website generally consists of HTML, CSS, and JavaScript, which is then served to the client from a server. Statid websites are quite basic and simplistic in nature.

<h4 style="color: #005b5e;">Advantages</h4><br>
Due to the sheer simplicity of a static website, they are quite quick and easy to get up and running. This is usually a huge benefit for smaller businesses where they can get their presence out onto the internet relatively easily.

Since the server is also only responding to requests with basic files, this can be a faster experience for the user since there since there are no changes made to the files at any stage.

<h4 style="color: #005b5e;">Disadvantages</h4><br>
The simplicity of a static website can also be a drawback however. <u>All changes to what is displayed on a website has to be done manually</u>, which can be tedious. 

Showing the same content can also be a limiting factor. Depending on what your website is, it may be more ideal to go with a static website, although it also has the potential to be a hidrance. A personal user experience is quite important in the right context.

<h3 style="color: #005b5e;">Dynamic Website</h3>

<hr style="border-top: 1px solid #005b5e;" />

A <b>dynamic website</b> is a website in which contains data and information which can change in various ways, depending on a user, time of day, etc. It can change the look and content of the website based on the user. This make a dynamic website much more complex in nature. These pages and their data are built when the user requests a page, not before. 

Once a user requests a page, the server interacts with the underlying database to ensure the necessary data will be displayed. For example, in the case of a shopping website, prices and items are fetched from the database dynamically. 

This process of retrieving the data from databases before responding to our clients is called <i>server-side processing</i>.

Each client can have differing content and information displayed, depending on various factors.

<h4 style="color: #005b5e;">Advantages</h4><br>
Unlike static websites, dynamic websites require less manual work since pages are being built as a client requests them. Information is retrieved from one or more databases in order to build the files that the browser receives, turing into a page.

Each page can vary from another, providing a more personal experience.

<h4 style="color: #005b5e;">Disadvantages</h4><br>

As discussed before, a dynamic website is much more complex than its static equivalent. This means the maintenance of a dynamic website would need more coding experience and knowledge, which can be more costly to learn or hire for. 

Since there is more customization and varying factors within the pages, load times can be affected in comparison to a static page. <br><br>

<center><h4 style="color: #005b5e;"><u>Example of how Static and Dynamic Websites are processed</u></h4><br></center>

<img src="https://about.gitlab.com/images/blogimages/ssg-gitlab-pages-series/part-1-dynamic-x-static-server.png"><a href="https://about.gitlab.com/images/blogimages/ssg-gitlab-pages-series/part-1-dynamic-x-static-server.png"><center><b>Source</b></center></a></img>

<h2 style="color: #005b5e;;">HTTP: State and Session Management <sup><a href="#references">[3]</a></sup></h2>

<hr style="border-top: 1px solid #005b5e;" />

We discussed that the protocol HTTP is considered to be "stateless", where each request is treated independantly from one another. However, there are cases where we require the state information to be passed between each request, for example when we are dealing with a shopping cart on a website. 

How can this be achieved, since HTTP is "stateless"? For us to be able to maintain state information, the responsibility falls upon the application to maintain this.

There are 3 ways in which can be used to maintain state information: 

<ul>
    <li ><b style="color: #008b5e;">Cookies</b></li>
    <li ><b style="color: #008b5e;">HTML form (Hidden Fields)</b></li>
    <li ><b style="color: #008b5e;">Rewriting of URLs</b></li>
</ul>

<h3 style="color: #005b5e;">Cookies</h3>

Since the server does not retain any information on previous client requests, an alternative is required. Cookies are information in which is sent from the server to a browser, which is then stored on the client-side. Cookies are then sent alongside any client requests to the original host in which the cookie was sent from. This in turn means that cookies are exclusive to their original host. 

The purpose of a cookie is for a server to be able to uniquely identify a given client. 

We can classify cookies based on their persistence:

<ul>
     <li><b style="color: #008b5e;">Persistent cookies :</b> Cookies in which can persist over many browser sessions, where a future expiration date can be specified</li>
    <li><b style="color: #008b5e;">Non-persistent cookies :</b> Cookies which only last during a single browser session</li>
</ul>

<h4 style="color: #005b5e;"><u>Example of a Persistent Cookie</u></h4>

<h4 style="color: #005b5e;">Client</h4>

```http
GET /cookie/servlet/TestCookieClass HTTP/1.1
Accept: image/gif, image/jpeg, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: 127.0.0.1:8000
Connection: Keep-Alive
```
<h4 style="color: #005b5e;">Server</h4>

```http
HTTP/1.1 200 OK
Set-Cookie: cc4=4444; Expires=Tue, 10-Feb-2004 18:32:03 GMT
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 550
Date: Tue, 10 Feb 2004 04:38:43 GMT
Server: Apache-Coyote/1.1 
   
(response message body omitted)
```

<h4 style="color: #005b5e;"><u>Example of a Non-Persistent Cookie</u></h4>

<h4 style="color: #005b5e;">Client</h4>

```http
GET /test/servlet/CookieTest HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: 127.0.0.1:8000
Connection: Keep-Alive
```

<h4 style="color: #005b5e;">Server</h4>

```http
HTTP/1.1 200 OK
Set-Cookie: cookie1=11111111
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 156
Date: Sun, 08 Feb 2004 16:23:13 GMT
Server: Apache-Coyote/1.1
   
(response message body omitted)
```

<h4 style="color: #005b5e;">Client</h4>

```http
GET /test/servlet/CookieTest HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: 127.0.0.1:8000
Connection:    Keep-Alive
Cookie: cookie1=11111111
```

<h3 style="color: #005b5e;">HTML Form (Hidden Fields)</h3>

By us using a HTML form, and including a session ID in a hidden field within the form that is sent to each and every HTML page, the server can determine what information it needs to associate to that session ID. This works entirely without the usage of cookies.

<h4 style="color: #005b5e;">Advantage</h4>
Since all browsers support HTML forms, there is no need to worry about browser compatibility


<h4 style="color: #005b5e;">Disadvantage</h4>
This is a tedious approach in nature since the form needs to be inserted into each dynamically generated page.<br></br>

<h4 style="color: #005b5e;"><u>Example of HTML form with a hidden field</u></h4><br>

```html
<form method="post" action="url">
  <input type="hidden" name="sessionid" value="1111">
  ...
  <input type="submit">
</form>
```

<h3 style="color: #005b5e;">URL Re-writing</h3>
URL re-writing is the process of including an ID which is completely unique to a given user in each of their URLs, where the ID identifies a given session.

<h4 style="color: #005b5e;">Advantage</h4>
Url re-writing is supported in all browsers and works regardless if cookies are disabled manually or are not supported.


<h4 style="color: #005b5e;">Disadvantage</h4>
URL re-writing can be a huge security risk. Session IDs can be discovered and accidentally shared by copying links or from your browser history. It is usually not recommended to provide session IDs within URLs. <sup><a href="#references">[15]</a></sup>

<h4 style="color: #005b5e;"><u>Example of a session ID included in a URL</u></h4><br>

```http
http://host:port/shopping.html;sessionid=value
```





<h2 style="color: rgb(0, 91, 94);">References</h2>

<hr style="border-top: 1px solid rgb(0, 91, 94);" />

<div id="references">
    <p>
        [1] Mozilla Web Docs (Website): <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP">HTTP</a><br><br> 
        [2] Mozilla Web Docs (Website): <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Overview">HTTP: Overview</a><br><br>
        [3] Nanyang Technological University (Notes): <a href="https://www3.ntu.edu.sg/home/ehchua/programming/webprogramming/HTTP_StateManagement.html">HTTP: State and Session Management</a><br><br>
        [4] Cloudflare (Website): <a href="https://www.cloudflare.com/learning/ddos/glossary/hypertext-transfer-protocol-http/">What is HTTP?</a><br><br>
        [5] REST API Tutorial (Website): <a href="https://www.restapitutorial.com/lessons/httpmethods.html">HTTP Methods for RESTful Services</a><br><br>
        [6] Mozilla Web Docs Glossary (Website): <a href="https://developer.mozilla.org/en-US/docs/Glossary/Request_header">Request Header</a><br><br>
        [7] Mozilla Web Docs (Website): <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/Status">HTTP response status codes</a><br><br>
        [8] IBM (Website): <a href="https://www.ibm.com/docs/en/netcoolomnibus/7.4?topic=examples-table-collection-post-request">Example table insertion POST request</a><br><br>
        [9] IBM (Website): <a href="https://www.ibm.com/docs/en/netcoolomnibus/7.4?topic=examples-table-collection-post-response">Example table collection POST response</a><br><br> 
        [10] RFC 9110 (Website): <a href="https://www.rfc-editor.org/rfc/rfc9110.html#name-response-context-fields">HTTP Semantics</a><br><br>  
       [11] Hewlett Packard (Website): <a href="https://www.hp.com/us-en/shop/tech-takes/what-does-a-server-do">What Does A Server Do?</a><br><br>  
       [12] Paessler (Website): <a href="https://www.paessler.com/server_monitoring_software#server-definition">Server Monitoring</a><br><br>  
       [13] Google Cloud (Website): <a href="https://cloud.google.com/learn/what-is-a-virtual-server#section-1">What is a virtual server?</a><br><br>  
       [14] Gitlab (Website): <a href="https://about.gitlab.com/blog/2016/06/03/ssg-overview-gitlab-pages-part-1-dynamic-x-static/">Dynamic vs Static Websites</a><br><br>
       [15] OWASP (Website): <a href="https://owasp-aasvs.readthedocs.io/en/latest/requirement-3.6.html">Session management verification requirements</a><br><br> 
</div>
