HTTP, Sessions, and Cookies

The Internet Browser is a software tool that allows users to surf through the Internet or 'Browse the Web'. It is the front end users utilize while performing a wide variety of operations such as filling out forms, accessing web-based e-mail or bank accounts, buying online, paying bills online and so on. The most integral part of the Browser is the 'Address' field where a user enters the name of the web site that he or she wants to access. This name looks like 'www.someorganization.com' and the right term for it is a URL or Universal Resource Locater.

ScreenShot 2a: A Web Browser

A Universal resource may be any information the user requires - usually a file, but sometimes a video clip, executable program, or a document in a different language. Basically, the URL indicates the location of the resource the user wants. It translates to an IP address that points to the location of the computer or 'host' on which the resource the user wants is located. This IP Address and other information from the browser is used by TCP/IP to establish a connection with the computer that contains the resource. How is the exact request and other information entered on the browser relayed to the remote computer that contains the resource?

Hypertext Transfer Protocol (HTTP) is the network protocol that delivers all requests and resources on the World Wide Web. HTTP is the high level protocol that talks to TCP and makes it connect to the appropriate computer. HTTP also sends data from the browser or the server on the other end to IP for the formatting and fragmenting of data to packets. An Internet browser is called an HTTP client because it usually sends requests to a Web Server or host (also known as an HTTP server). Clients making HTTP requests usually connect to Port 80 on the server; this is where servers listen for HTTP requests by default. An HTTP 'message' is either an HTTP request or an HTTP response.

HTTP messages are vital for Web Developers. They contain information about the type and origin of the request or response, the status of the response, the link that the request came from and so on. HTTP request messages contain the information the user entered or other wise input into, say, a form on the browser while HTTP response messages contain the requested resource. In general, an HTTP message has the following parts:

An initial line whose content is based on whether the message is a request to a server or a response from a server. In an HTTP request message, this line contains a 'method' and the path to the requested resource. The three main methods are GET, POST, and HEAD. GET is the simplest; it is a command to just return the requested page. POST is most frequently used when a form with many fields of input is submitted and requires processing at the server; however, it may be used to post to a bulletin board or add lines of information to a database on the server. HEAD just asks for an HTTP header that contains information about the specified resource's type and size. In an HTTP response message, the initial line indicates the status of the response. 'OK' indicates that the resource was fetched successfully. Otherwise, error codes corresponding to the type of problem encountered are returned. These codes are looked up by the browser application and a corresponding error message is output.

ScreenShot 2b: An example of an HTTP Error Response

HTTP headers - these headers contain information about the context of the request. Common headers include USER-AGENT - the name of the program (such as Internet Explorer) making the request and HTTP-REFERRER - the link the user used to get to the page making the request.

The body - This is optional; especially for a request message with the 'GET' method or a response to a HEAD request. It contains at least two descriptive lines - the CONTENT-TYPE line contains the type of data in the message (ASCII TEXT, ADOBE PDF, HTML, binary etc.). The CONTENT-LENGTH line contains the exact size of the content. These lines are followed by the actual content of the message. CONTENT-TYPE and CONTENT-LENGTH are CGI parameters. The body of a request message may contain more CGI 'variables' or parameters.