Browser is HTTP client, web server is HTTP server.
Client submits an HTTP request message to the server, server returns a response message (status + payload).
NB: Browser is a user-agent, that is, software acting on behalf of a user. This extends to apps, web crawlers (Google), RSS, etc. (see client notes).
HTTP session is a series of network request-response transactions.
A TCP connection is made to a particular port on a server (80 or 8080 usually) and the HTTP server listening on that port waits for a client-request message. A request is made; the server then responds.
HTTP has an auth framework in which the server issues challenges. More notes on this required.
HTTP requests take the form of methods:
The getter methods (HEAD, GET, OPTIONS, TRACE) are considered safe because they make no changes; the setters are not.
TRACE can lead to a cross-site tracing (XST) exploit.
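An added example (not from these notes) of how a server can treat the methods above: it parses a raw request message, builds a response message, and refuses TRACE so that request headers are never echoed back. The function names, the list of unsafe methods and the sample request are assumptions constructed for illustration.

```python
# Added example; names and the unsafe-method list are assumptions, not from the notes.
SAFE = {"HEAD", "GET", "OPTIONS", "TRACE"}      # the "getter" methods listed above
UNSAFE = {"POST", "PUT", "DELETE", "PATCH"}     # "setters" (assumed list)
DISABLED = {"TRACE"}                            # refused so nothing is echoed back (XST)
REASONS = {200: "OK", 400: "Bad Request", 405: "Method Not Allowed", 501: "Not Implemented"}

# Constructed sample request, not captured traffic.
SAMPLE_TRACE = (b"TRACE / HTTP/1.1\r\nHost: example.test\r\n"
                b"Cookie: session=constructed-value\r\n\r\n")


def parse_request(raw: bytes):
    """Split a raw HTTP/1.x request into (method, target, headers)."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/1."):
        raise ValueError("malformed request line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line")
        headers[name.strip().lower()] = value.strip()
    return parts[0], parts[1], headers


def respond(status: int, body: str = "", extra=None, head_only=False) -> bytes:
    """Build a response message: status line, headers, then the payload."""
    payload = body.encode()
    head = [f"HTTP/1.1 {status} {REASONS[status]}", f"Content-Length: {len(payload)}"]
    head += [f"{k}: {v}" for k, v in (extra or {}).items()]
    return ("\r\n".join(head) + "\r\n\r\n").encode() + (b"" if head_only else payload)


def handle_request(raw: bytes) -> bytes:
    try:
        method, _target, _headers = parse_request(raw)
    except ValueError:
        return respond(400)
    if method in DISABLED:
        # A TRACE echo would reflect Cookie/Authorization headers to the caller.
        return respond(405, extra={"Allow": ", ".join(sorted((SAFE | UNSAFE) - DISABLED))})
    if method in SAFE:
        return respond(200, "resource read\n", head_only=(method == "HEAD"))
    if method in UNSAFE:
        return respond(200, "resource changed\n")
    return respond(501)


if __name__ == "__main__":
    print(handle_request(SAMPLE_TRACE).decode())
```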
An important element of HTTP is that it is stateless: once a request is sent and received, it is discarded and forgotten.
URL: What’s in a name?!
Uniform resource locator is made up of several parts:
- what is the file
- where does it live
- optional stuff