© 2010 Computer Science Faculty, Kabul University HTTP CONTINUED… 4 TH LECTURE 2, May, 2010 Baseer Ahmad Baheer



User-server interaction: authentication

• Authentication goal: control access to server documents

• Stateless: client must present authorization in each request.

• Authorization: typically name, password

• Authorization: header line in request

• If no authorization, server refuses access, sends WWW-Authenticate: header line in response
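The exchange above, as an added example that is not part of the original slides: a server-side check that refuses any request lacking valid credentials and answers with a WWW-Authenticate: challenge. It assumes the Basic scheme (the slides name no scheme); the user table, realm and function names are constructed for the illustration.

```python
import base64
import hmac

# Constructed credential table for the example (a real server stores password hashes).
USERS = {"alice": "correct horse"}
REALM = "server documents"  # assumed realm name


def check_request(headers):
    """Return (status, response_headers) for one request; nothing is remembered between calls."""
    challenge = {"WWW-Authenticate": f'Basic realm="{REALM}"'}
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return 401, challenge  # no authorization: refuse access and send the challenge
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return 401, challenge  # malformed credentials are treated like missing ones
    name, sep, password = decoded.partition(":")
    expected = USERS.get(name)
    # compare_digest does not reveal how many leading characters matched
    if sep and expected is not None and hmac.compare_digest(
            password.encode(), expected.encode()):
        return 200, {}
    return 401, challenge


def basic_header(name, password):
    """Client side: the Authorization header value that must accompany every request."""
    raw = f"{name}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")
```

Basic credentials are only base64-encoded, not encrypted, so this exchange needs TLS underneath it.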


User-server interaction: Cookies

• Cookies are an alternative mechanism for sites to keep track of users. Some Web sites use cookies and others don't.

• Suppose a client contacts a Web site for the first time, and this site uses cookies. The server’s response will include a Set-cookie: header. Often this header line contains an identification number generated by the Web server. For example, the header line might be:


• When the HTTP client receives the response message, it sees the Set-cookie: header and identification number. It then appends a line to a special cookie file that is stored in the client machine.


• In subsequent requests to the same server, say one week later, the client includes a Cookie: request header, and this header line specifies the identification number for that server.


• In this manner, the server does not know the username of the user, but the server does know that this user is the same user that made a specific request one week ago.


• Web servers use cookies for many different purposes:

  • If a server requires authentication but doesn't want to hassle a user with a username and password prompt every time the user visits the site, it can set a cookie.

  • If a server wants to remember a user's preferences so that it can provide targeted advertising during subsequent visits, it can set a cookie.

  • If a user is shopping at a site (e.g., buying several CDs), the server can use cookies to keep track of the items that the user is purchasing, i.e., to create a virtual shopping cart.
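The cookie exchange described above, carried through to the shopping-cart use, as an added example that is not part of the original slides. The class names, the cookie name `id` and the host `shop.example` are constructed; the identification number is drawn from a cryptographic random source, since anyone who can guess it is treated as that user.

```python
import secrets
from http.cookies import SimpleCookie


class CookieServer:
    """Server side: issues an identification number and recognises it on later requests."""

    def __init__(self):
        self.carts = {}  # identification number -> items in that user's cart

    def handle(self, request_headers, add_item=None):
        jar = SimpleCookie(request_headers.get("Cookie", ""))
        sid = jar["id"].value if "id" in jar else None
        response_headers = {}
        if sid not in self.carts:  # first visit, or a number this server never issued
            sid = secrets.token_urlsafe(16)  # unpredictable identification number
            self.carts[sid] = []
            out = SimpleCookie()
            out["id"] = sid
            out["id"]["httponly"] = True   # not readable by page scripts
            out["id"]["secure"] = True     # only sent over HTTPS
            out["id"]["samesite"] = "Lax"
            response_headers["Set-Cookie"] = out["id"].OutputString()
        if add_item:
            self.carts[sid].append(add_item)
        return response_headers, list(self.carts[sid])


class CookieClient:
    """Client side: the cookie file, simplified to one name=value pair per server."""

    def __init__(self):
        self.cookie_file = {}

    def request_headers(self, host):
        return {"Cookie": self.cookie_file[host]} if host in self.cookie_file else {}

    def store(self, host, response_headers):
        if "Set-Cookie" in response_headers:
            # keep only name=value; a real client also honours the attributes
            self.cookie_file[host] = response_headers["Set-Cookie"].split(";", 1)[0].strip()


def visit(client, server, host, item):
    """One request/response round trip; returns the cart the server holds for this client."""
    headers, cart = server.handle(client.request_headers(host), add_item=item)
    client.store(host, headers)
    return cart
```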


User-server interaction: conditional GET

• Goal: don’t send object if client has up-to-date stored (cached) version

• Client: specify date of cached copy in HTTP request If-Modified-Since: <date>

• Server: response contains no object if cached copy up-to-date:


• Example: request and response messages (shown as figures on the original slides, continued over two slides)
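The server's side of the conditional GET described above, as an added example that is not part of the original slides: the object is sent with status 200 unless the date in If-Modified-Since: shows the cached copy is current, in which case the response is 304 Not Modified with no object. The function name and the sample date are constructed; an unparseable date is ignored and the full object is sent.

```python
from datetime import datetime, timezone
from email.utils import format_datetime, parsedate_to_datetime

# Constructed modification time for the example object.
SAMPLE_MODIFIED = datetime(2010, 5, 2, 10, 0, 0, tzinfo=timezone.utc)


def conditional_get(request_headers, last_modified, body):
    """Return (status, headers, body) for a GET on one object.

    last_modified must be a timezone-aware UTC datetime.
    """
    last_modified = last_modified.replace(microsecond=0)  # HTTP dates have 1 s resolution
    headers = {"Last-Modified": format_datetime(last_modified, usegmt=True)}
    since = request_headers.get("If-Modified-Since")
    if since:
        try:
            cached = parsedate_to_datetime(since)
            if cached.tzinfo is None:  # a date given without a usable zone: treat as UTC
                cached = cached.replace(tzinfo=timezone.utc)
        except (TypeError, ValueError):
            cached = None  # unparseable date: ignore the header and send the object
        if cached is not None and last_modified <= cached:
            return 304, headers, b""  # cached copy is up to date: no object in response
    return 200, headers, body
```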


• Live HTTP Headers 0.14 (Firefox Add-On)

• https://addons.mozilla.org/en-US/firefox/addon/3829


Web caches

• A Web cache -- also called a proxy server -- is a network entity that satisfies HTTP requests on behalf of a client. The Web cache has its own disk storage, and keeps in this storage copies of recently requested objects.
