Spring 23-24

Semester 4

Web Technology

Dr. Rodaina Abdelsalam

Hypertext Transfer Protocol (HTTP)
Outline

1. Fundamentals for Web Application

2. HTTP – Hypertext Transfer Protocol
3. HTTP Client-Server Transactions
Outline

1. Fundamentals for Web Application

2. HTTP – Hypertext Transfer Protocol
3. HTTP Client-Server Transactions
 Introduction:
The Hypertext Transfer Protocol (HTTP) is a networking protocol for distributed, collaborative, hypermedia
information systems.
HTTP is the foundation of data communication for the World Wide Web. It is a set of rules and procedures used
to communicate over the World Wide Web. Its initial purpose was to provide a way to retrieve and publish HTML
documents.
It comes under application layer (Layer 4) of the TCP/IP model.
 Introduction:
HTTP Clients (referred to as user agents) make requests to the HTTP protocol and the concerned HTTP server handles
these requests.
Typical clients are web browsers, search engine spiders, web enabled applications, etc.
 Introduction:
Other common protocols in use today:
SMTP (Simple Mail Transfer Protocol) - provides a set of codes that simplify the communication of email
messages between email servers, SMTP server handles outgoing emails.
FTP (File Transfer Protocol) is a standard internet protocol provided by TCP/IP used for transmitting the
files from one host to another.
IMAP (Internet Message Access Protocol) is a mail protocol used for accessing email on a remote web
server from a local client. IMAP stores the message on a server and synchronizes the message across
multiple devices.
POP3 (Post Office Protocol) is a standard mail protocol used to receive emails from a remote server to a
local email client. POP3 downloads the email from a server to a single computer, then deletes the email
from the server.
Introduction:
 Client–Server Model

The client–server characteristic describes the relationship of cooperating programs in an application.

The server component provides a function or service to one or many clients, which initiate requests for such
services.
Functions such as email exchange, web access and database access, are built on the client– server model.
 Client–Server Example
Users accessing banking services from their computer use a web browser client to send a request to a web server
at a bank.
That program may in turn forward the request to its own database client program that sends a request to a
database server at another bank computer to retrieve the account information.
The balance is returned to the bank database client, which in turn serves it back to the web browser client,
displaying the results to the user.
 Web Application Architecture
In peer-to-peer architectures, each host or instance of the program can simultaneously act as both a client and
a server, and each has equivalent responsibilities.

Both client–server and peer-to-peer architectures are in wide usage today, where Client-Server is centralized
while Peer-to-Peer is decentralized Networking.
 Client-Server Advantages
In most cases, a client–server architecture enables the roles and responsibilities of a computing system to be
distributed among several independent computers that are known to each other only through a network.
This creates an additional advantage to this architecture:
Greater ease of maintenance.
For example, it is possible to replace, repair, upgrade, or even relocate a server while its clients remain
both unaware and unaffected by that change.
All data is stored on the servers, which generally have far greater security controls than most clients. Servers
can better control access and resources, to guarantee that only those clients with the appropriate permissions
may access and change data.
 Client-Server Advantages
Since data storage is centralized, updates to that data are far easier to administer in comparison to a P2P paradigm.
In the latter, data updates may need to be distributed and applied to each peer in the network, which is time-
consuming as there can be thousands or even millions of peers.
Many mature client–server technologies are already available which were designed to ensure security, friendliness
of the user interface, and ease of use.
It functions with multiple different clients of different capabilities.
 Client-Server Disadvantages
As the number of simultaneous client requests to a given server increases, the server can become overloaded.
In contrast a P2P network, aggregated bandwidth actually increases as nodes are added, since the P2P
network's overall bandwidth can be roughly computed as the sum of the bandwidths of every node in that
network.
The client–server paradigm lacks the robustness of a good P2P network.
Under client–server, if a critical server fail, clients’ requests cannot be fulfilled.
In P2P networks, resources are usually distributed among many nodes. So if one or more nodes depart and
abandon a downloading file, the remaining nodes should still have the data needed to complete the
download.
 The Three-tier Model
Three-tier is a client–server architecture in which the user interface, functional process logic ("business rules"),
computer data storage and data access are developed and maintained as independent modules, most often on
separate platforms.
The three-tier model is a software architecture and software design pattern.
 The Three-tier Model
Apart from the usual advantages of modular software with well-defined interfaces, the three-tier architecture is
intended to allow any of the three tiers to be upgraded or replaced independently as requirements or technology
change.
For example, a change of operating system in the presentation tier would only affect the user interface code.
Typically, the user interface runs on a desktop PC or workstation and uses a standard graphical user interface.
Functional process logic may consist of one or more separate modules running on a workstation or application
server.
A RDBMS on a database server or mainframe contains the computer data storage logic.
The middle tier may be multi-tiered itself, in which case, the overall architecture is called an "n-tier architecture".
 Three-tier Architecture
Three-tier architecture has the following three tiers:
Presentation tier
This is the topmost level of the application.
The presentation tier displays information related to such services as browsing merchandise, purchasing, and
shopping cart contents.
It communicates with other tiers by outputting results to the browser/client tier and all other tiers in the network.
 Three-tier Architecture
Three-tier architecture has the following three tiers:
Application tier
Application tier (business logic, logic tier, data access tier, or middle tier)
The logic tier is pulled out from the presentation tier.
It controls an application’s functionality by performing detailed processing.
 Three-tier Architecture
Three-tier architecture has the following three tiers:
Data tier
This tier consists of database servers.
Here information is stored and retrieved.
This tier keeps data neutral and independent from application servers or business logic.
Giving data its own tier also improves scalability and performance.
 A typical HTTP session
In client-server protocols, like HTTP, sessions consist of three phases:
1. The client establishes a TCP connection to a particular port on a server.
2. The client sends its request, and waits for the answer.
3. The server processes the request, sending back its answer, providing a status code and appropriate data, such
as "HTTP/1.1 200 OK", and a message of its own. The body of this message is typically the requested
resource, although an error message or other information may also be returned.
A typical HTTP session
 A typical HTTP session
• HTTP requests, and responses, share similar structure and are composed of:
• A start-line describing the requests to be implemented, or its status of
whether successful or a failure. This start-line is always a single line.
• An optional set of HTTP headers specifying the request, or describing the
body included in the message.
• A blank line indicating all meta-information for the request has been sent. It is
a line with nothing preceding the CRLF indicating the end of the header fields.
(CRLF refers to Carriage Return and Line Feed, They're used to note
the termination of a line, and moves the cursor to the beginning of a new
line.)
• An optional body containing data associated with the request (like content of
an HTML form), or the document associated with a response.
• The start-line and HTTP headers of the HTTP message are collectively known
as the head of the requests, whereas its payload is known as the body.
 HTTP-Hypertext Transfer Protocol
HTTP Message
In the interest of robustness, servers SHOULD ignore any empty line(s) received where a Request Line is expected.
In other words, if the server is reading the protocol stream at the beginning of a message and receives a CRLF first,
it should ignore the CRLF.
 HTTP-Hypertext Transfer Protocol
HTTP (Hyper Text Transfer Protocol) is the protocol of the web.
WWW is about communication between web clients and servers
Communication between client computers and web servers is done by sending HTTP Requests and
receiving HTTP Responses
Clients are often browsers (Chrome, Edge, Safari), but they can be any type of program or device.
 HTTP-Hypertext Transfer Protocol
Every time you open your browser to visit a web page or submit a form, you are using http and you are
going into request-response cycle.
http is stateless; that means that every request is completely independent, every time you make a request
to visit a web page, or you request another page after that or you reload a page, it doesn’t remember
anything about the previous request.
 HTTP Request / Response
Communication between clients and servers is done by requests
and responses:
1. A client (a browser) sends an HTTP request to the web
2. A web server receives the request
3. The server runs an application to process the request
4. The server returns an HTTP response (output) to the browser
5. The client (the browser) receives the response
 HTTPS-Hypertext Transfer Protocol Secure

HTTPS where data that is sent back and forth is encrypted by SSL (Secure Sockets layer) or TLS (Transport
Security Layer).
Used to securely send sensitive information such as credit card data, social security number, where we want
to have high level of security.