User server interaction-Cookies

User-Server Interaction

Authentication

• Many sites require users to provide a username and a password in order to access the documents housed on the server.

• This requirement is referred to as authentication.

• HTTP provides special status codes and headers to help sites perform authentication.

Suppose a client requests an object from a server, and the server requires user authorization.

1. The client first sends an ordinary request message with no special header lines.

2. The server then responds with an empty entity body and a 401 Authorization Required status code. In this response message the server includes the WWW-Authenticate: header, which specifies the details about how to perform authentication.

3. The client receives the response message and prompts the user for a username and password. The client resends the request message, but this time includes an Authorization: header line, which includes the username and password.

• After obtaining the first object, the client continues to send the username and password in subsequent requests for objects on the server.
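
The three-step exchange above, as an added example that is not part of the original slides. It assumes the Basic scheme (the slides do not name one) and uses a constructed realm, user table and function names; it also shows that the Authorization: value is only base64-encoded, so the credentials resent with every request are readable by anyone who can see the request unless the connection is encrypted.

```python
import base64
import hmac

# Constructed sample values (assumptions, not from the slides).
# A real server would store salted password hashes, not plaintext.
REALM = "docs"
USERS = {"alice": "correct horse"}

def server(headers):
    """Return (status, response_headers) for a request to a protected object."""
    challenge = (401, {"WWW-Authenticate": f'Basic realm="{REALM}"'})
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic" or not token:
        return challenge                      # step 2: no credentials yet
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except ValueError:
        return challenge                      # malformed header: ask again
    user, sep, password = decoded.partition(":")
    expected = USERS.get(user)
    # Constant-time comparison so timing does not leak how much matched.
    ok = bool(sep) and expected is not None and hmac.compare_digest(
        password.encode(), expected.encode())
    return (200, {}) if ok else challenge

def client_authorization(user, password):
    """Step 3: build the Authorization: header value from the user's input."""
    raw = f"{user}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def observed_credentials(header_value):
    """What anyone who can read the request sees: base64 is not encryption."""
    return base64.b64decode(header_value.split(" ", 1)[1]).decode("utf-8")

def exchange(user, password):
    """Run steps 1-3 and return the two status codes the client sees."""
    first, _ = server({})                     # step 1, answered by step 2
    second, _ = server({"Authorization": client_authorization(user, password)})
    return first, second

if __name__ == "__main__":
    print(exchange("alice", "correct horse"))
    print(observed_credentials(client_authorization("alice", "correct horse")))
```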

Cookies

• Cookies are an alternative mechanism for sites to keep track of users.

• Suppose a client contacts a Web site for the first time, and this site uses cookies.

• The server’s response will include a Set-cookie: header.

• Often this header line contains an identification number generated by the Web server.

• For example, the header line might be:

Set-cookie: 1678453

• When the HTTP client receives the response message, it sees the Set-cookie: header and identification number.

• It then appends a line to a special cookie file that is stored in the client machine.

• This line typically includes the host name of the server and the user's associated identification number.

• In subsequent requests to the same server, say one week later, the client includes a Cookie: request header, and this header line specifies the identification number for that server.

• In the current example, the request message includes the header line:

Cookie: 1678453

Web servers use cookies for many different purposes:

• If a server requires authentication but doesn't want to hassle a user with a username and password prompt every time the user visits the site, it can set a cookie.

• If a server wants to remember a user's preferences so that it can provide targeted advertising during subsequent visits, it can set a cookie.

• If a user is shopping at a site, the server can use cookies to keep track of the items that the user is purchasing.

The Conditional GET

• By storing previously retrieved objects, Web caching can reduce object-retrieval delays and diminish the amount of Web traffic sent over the Internet.

• HTTP has a mechanism that allows the client to employ caching while still ensuring that all objects passed to the browser are up-to-date. This mechanism is called the conditional GET.

• An HTTP request message is a so-called conditional GET message if

– the request message uses the GET method and

– the request message includes an If-Modified-Since: header line.

• First, a browser requests an uncached object from some Web server:

GET /fruit/kiwi.gif HTTP/1.0
User-agent: Mozilla/4.0
Accept: text/html, image/gif, image/jpeg

• Second, the Web server sends a response message with the object to the client:

HTTP/1.0 200 OK
Date: Wed, 12 Aug 1998 15:39:29
Server: Apache/1.3.0 (Unix)
Last-Modified: Mon, 22 Jun 1998 09:23:24
Content-Type: image/gif

data data data data data ...

• The client displays the object to the user but also saves the object in its local cache.

• Importantly, the client also caches the last-modified date along with the object.

• Third, one week later, the user requests the same object and the object is still in the cache.

• Since this object may have been modified at the Web server in the past week, the browser performs an up-to-date check by issuing a conditional GET. Specifically, the browser sends:

GET /fruit/kiwi.gif HTTP/1.0
User-agent: Mozilla/4.0
Accept: text/html, image/gif, image/jpeg
If-modified-since: Mon, 22 Jun 1998 09:23:24

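• Note that the value of the If-modified-since: header line is exactly equal to the value of the Last-Modified: header line that was sent by the server one week ago.

• Fourth, because the object has not been modified, the Web server sends a response message with an empty entity body: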

HTTP/1.0 304 Not Modified
Date: Wed, 19 Aug 1998 15:39:29
Server: Apache/1.3.0 (Unix)

(empty entity body)