HTTP/HTTPS
Author: Tran Tuan Quy
Date: July 7, 2014
Updated: Jan 1, 2018
About Me
-
Full Stack JavaScript Developer
-
Technical Manager at NAU Studio
-
I have worked for Pyramid Consulting as Frontend Manager
Contact Me
-
Twitter: #tuanquynet
-
G+: tuanquynet
- Gmail: tuanquynet
Contents
-
Basic Concepts
-
HTTP Message
-
Web Authentication
-
Resource
-
Recap
Basic Concepts
![](https://s3.amazonaws.com/media-p.slid.es/uploads/168931/images/7600353/seven-layers-of-OSI-model.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/168931/images/4487557/600px-Rm-osi_parallel.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/168931/images/4487557/600px-Rm-osi_parallel.png)
HTTP, FTP, SMTP
HTTP
HyperText Transfer Protocol
Current version: 1.1
Next Version: 2.0
http://http2.github.io/http2-spec/index.html
Use TCP, not UDP
HTTP 1.1
- Charset
- ASCII, ANSI, ISO-8859-1, UTF-8
- ASCII, ANSI, ISO-8859-1, UTF-8
- Date/Time:
- Sun, 06 Nov 1994 08:49:37 GMT ; RFC 822
- Content-Coding:
- gzip
- compress
- deflate
- identify
- HTTP methods, status codes and semantics are the same as HTTP 1.1
- Focus on performance; specifically, end-user perceived latency, network and server resource usage
- Differences from HTTP/1.x
- is binary, instead of textual
- is fully multiplexed, instead of ordered and blocking
- can therefore use one connection for parallelism
- uses header compression to reduce overhead
- allows servers to “push” responses proactively into client caches
How web communication work
![](https://s3.amazonaws.com/media-p.slid.es/uploads/tuanquynet/images/534342/web-communication-client-sever.png)
HTTP Server
![](https://s3.amazonaws.com/media-p.slid.es/uploads/tuanquynet/images/543352/apache-tomcat-install.jpg)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/tuanquynet/images/543350/apache_http_server_icon.jpg)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/tuanquynet/images/543348/nodejs.jpg)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/tuanquynet/images/543351/ico-iis.png)
HTTP Client
![](https://s3.amazonaws.com/media-p.slid.es/uploads/tuanquynet/images/543365/Google_Chrome_icon__2011_.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/tuanquynet/images/543359/Firefox-logo.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/tuanquynet/images/543357/safari.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/tuanquynet/images/543358/Internet_Explorer_10_logo.svg_.png)
How Client Talk with Server
- Client make TCP connection to 173.194.127.160
- Client send HTTP request message to server
- Client read HTTP response returned from server
- Client close TCP connection
How Client Talk with Server
![](https://s3.amazonaws.com/media-p.slid.es/uploads/tuanquynet/images/534839/multiple-connection.png)
How Client Talk with Server
![](https://s3.amazonaws.com/media-p.slid.es/uploads/tuanquynet/images/534840/pipelining.png)
HTTPS
HTTPS stand for HyperText Transfer Protocol Secure
HTTP + SSL = HTTPS
HTTPS
HTTPS Handshake
![](https://s3.amazonaws.com/media-p.slid.es/uploads/168931/images/4487550/https-handshake.gif)
HTTP Message
HTTP Message
![](https://s3.amazonaws.com/media-p.slid.es/uploads/tuanquynet/images/534866/http-response-message.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/tuanquynet/images/535030/http-request-message.png)
HTTP Request
HTTP Response
HTTP Request
![](https://s3.amazonaws.com/media-p.slid.es/uploads/tuanquynet/images/535247/http-request-message-03.png)
HTTP Request Method
GET
POST
PUT
DELETE
HEAD
OPTIONS
TRACE
CONNECT
HTTP Request Header
Host
Content-Type
Cookies
Expires
User-Agent
Authorization
Request Body
user:abc@gmail.com&pass=123456
Related Header:
- Content-Length: 202
- Content-Encoding: gzip | compress
HTTP Response
![](https://s3.amazonaws.com/media-p.slid.es/uploads/tuanquynet/images/535251/http-response-message-03.png)
Status Code
1xx: Informational:
- 100 Continue
- 101 Switch protocol
2xx: Successful
- 200 OK
- 201 Created
3xx: Redirection
- 301 Moved Permanently
- 304 Not Modified
Status Code
4xx: Client Error
- 400 Bad Request
- 401 Unauthorized
5xx: Server Error
- 500 Internal Server Error
- 501 Not Implemented
HTTP Response Header
Content-Type
Content-Length
Content-Encoding
Set-Cookies
Server
Web Authentication
Basic Access Authentication
![](https://s3.amazonaws.com/media-p.slid.es/uploads/168931/images/4487439/HTTPAuth.png)
Authenticate with Password
![](https://s3.amazonaws.com/media-p.slid.es/uploads/tuanquynet/images/542201/web-communication-session-cookie.png)
Authenticate with JWT
![](https://s3.amazonaws.com/media-p.slid.es/uploads/168931/images/4487551/web-communication-session-cookie_-_jwt.jpg)
Resource
Question & Answer
Thank for Your Attention
HTTP/HTTPS
By Quy Tran
HTTP/HTTPS
- 2,654