Post on 05-Jan-2016
© 2010 Computer Science Faculty, Kabul University
HTTP
CONTINUED… 4TH LECTURE
2, May, 2010 Baseer Ahmad Baheer
User-server interaction: authentication
• Authentication goal: control access to server
documents
• Stateless: client must present authorization in each
request.
• Authorization: typically name, password
• Authorization: header line in request
• If no authorization, server refuses access, sends
WWW-Authenticate: header line in response
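The exchange on this slide, as an added example that is not part of the original lecture: a server-side check that answers 401 with a WWW-Authenticate: challenge when a request carries no valid Authorization: line. It assumes the HTTP Basic scheme (the slide only says "name, password"); the user table, realm and function names are constructed for the illustration.

```python
import base64
import binascii
import hmac

# Constructed sample credentials and realm (assumptions, not from the lecture).
USERS = {"alice": "correct horse"}
REALM = "lecture-demo"


def parse_basic(header_value):
    """Return (name, password) from an Authorization header value, or None."""
    if not header_value:
        return None
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    name, sep, password = decoded.partition(":")
    return (name, password) if sep else None


def handle(request_headers):
    """Decide one stateless request: returns (status, response headers).

    Header names are looked up exactly as spelled here; a real server
    matches them case-insensitively.
    """
    challenge = {"WWW-Authenticate": f'Basic realm="{REALM}"'}
    creds = parse_basic(request_headers.get("Authorization"))
    if creds is None:
        return 401, challenge  # no usable authorization: refuse and challenge
    name, password = creds
    expected = USERS.get(name, "")
    # Constant-time comparison on bytes, so non-ASCII input cannot raise.
    same = hmac.compare_digest(password.encode(), expected.encode())
    return (200, {}) if same and name in USERS else (401, challenge)


def make_header(name, password):
    """Client side: the header line that must accompany every request."""
    token = base64.b64encode(f"{name}:{password}".encode()).decode("ascii")
    return {"Authorization": f"Basic {token}"}
```

Because parse_basic() recovers the name and password from the header without any secret, the Basic token is an encoding and not encryption: anyone who can read the request can read the credentials unless the connection is protected by TLS.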
User-server interaction: Cookies
• Cookies are an alternative mechanism for sites to keep
track of users. Some Web sites use cookies and others
don't.
• Suppose a client contacts a Web site for the first time,
and this site uses cookies. The server’s response will
include a Set-cookie: header. Often this header line
contains an identification number generated by the Web
server. For example, the header line might be:
• When the HTTP client receives the
response message, it sees the Set-cookie:
header and identification number. It then
appends a line to a special cookie file that is
stored in the client machine.
• In subsequent requests to the same server, say
one week later, the client includes a Cookie:
request header, and this header line specifies
the identification number for that server.
• In this manner, the server does not know the
username of the user, but the server does
know that this user is the same user that
made a specific request one week ago.
• Web servers use cookies for many different purposes:
• If a server requires authentication but doesn't want to hassle a user
with a username and password prompt every time the user visits the
site, it can set a cookie.
• If a server wants to remember a user's preferences so that it can
provide targeted advertising during subsequent visits, it can set a
cookie.
• If a user is shopping at a site (e.g., buying several CDs), the server
can use cookies to keep track of the items that the user is
purchasing, i.e., to create a virtual shopping cart.
User-server interaction: conditional GET
• Goal: don’t send object if client has up-to-date
stored (cached) version
• Client: specify date of cached copy in HTTP
request If-modified-since: <date>
• Server: response contains no object if cached
copy up-to-date:
• Example:
Request
Response
continued…
Request
Response
• Live HTTP Headers 0.14 (Firefox Add-On)
• https://addons.mozilla.org/en-US/firefox/addon/3829
Web caches
• A Web cache -- also called a proxy server --
is a network entity that satisfies HTTP requests
on behalf of a client. The Web cache has its
own disk storage, and keeps in this storage
copies of recently requested objects.