WHAT IS HTTP?

Hypertext Transfer Protocol (HTTP) is a protocol that allows the fetching of resources such as HTML documents, CSS style sheets and JavaScript files to be rendered on the client. It is the foundation of any data exchange on the web. Requests are initiated by the client, usually a web browser. Requests are sent by the client to a server, which replies to each request with a response. The web server is on the response side of the HTTP cycle: it returns a response as a reply to a request sent to it by a client.

HTTP SESSION

An HTTP session is a sequence of network request-response transactions. A client initiates a session by establishing a Transmission Control Protocol (TCP) connection to a particular port on a server. The client receives a response to its requests only if the server is actively listening on that port. A client can be a user trying to get access to a particular website or web resource, or a tool that application developers use to mimic a client, such as Postman.

HTTP REQUESTS

A client sends an HTTP request to a server and expects a response from the server. The HTTP request is made up of:

  1. The HTTP method.
  2. The path or URL of the web resource being fetched.
  3. The HTTP headers.
  4. The request body.

HTTP Method: An HTTP request requires a method that indicates the intent of that request. The methods are usually referred to as HTTP verbs. The most common HTTP methods are GET, POST, PUT and DELETE. Other methods include PATCH and OPTIONS.

GET Method: The GET method is used to request data from a server. Requests carrying the GET method should be used to retrieve data and not to modify it. GET requests are stored in the browser's history and can be bookmarked. It is the default request method used when the browser loads a web page.

POST Method: The POST method is used to send data to a server. It is used to create or update a resource. Requests carrying the POST method often change the state of the server. The POST method is often used to send user-generated data to the server. A request to register a new user would be a POST request that carries the username, email and password in the body of the request.

PUT Method: The PUT method is used to update a particular resource on a server. One difference between the PUT and POST methods is that the PUT method is idempotent. This means that repeated calls using the PUT request achieve the same result. The PUT method can be used in situations like a user trying to update their profile picture or username.

DELETE Method: The DELETE method is used to remove or delete a particular resource. A user trying to delete their account should use the DELETE method to send a request that deletes the user's record.

HTTP HEADERS: HTTP headers allow clients to pass additional information along with the request to the server. Information like authorization and content type is frequently passed along with requests. Tokens used by the server for authorization and validation are passed in the Authorization header to access protected resources.

REQUEST BODY: The body of the request is used to convey user-generated data to the server for processing. Most HTTP requests with a body use the POST or PUT method. The request body carries user-generated data, like the login details of a user, over to the server for processing.
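The four parts of a request described above, taken apart by a small parser. This is an added example, not code from the original article; the host name, token and registration body are constructed placeholders. The parser refuses anything it cannot account for, including a body whose length does not match the Content-Length header, which is the check a practitioner wants before trusting what a request claims to carry.

```python
KNOWN_METHODS = {"GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS", "HEAD"}

def parse_request(raw: bytes) -> dict:
    """Split a raw HTTP/1.1 request into method, target, headers and body.
    Malformed input raises ValueError instead of being guessed at."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no blank line between headers and body")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[0] not in KNOWN_METHODS or not parts[2].startswith("HTTP/1."):
        raise ValueError(f"malformed request line: {lines[0]!r}")
    method, target, _version = parts
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower()] = value.strip()  # header names are case-insensitive
    # The declared Content-Length must equal what actually arrived: a mismatch means a
    # truncated request, or client and server disagreeing about where the body ends.
    declared = int(headers.get("content-length", "0"))
    if declared != len(body):
        raise ValueError(f"Content-Length says {declared} but body has {len(body)} bytes")
    return {"method": method, "target": target, "headers": headers, "body": body}

def is_malformed(raw: bytes) -> bool:
    """True when parse_request rejects the input."""
    try:
        parse_request(raw)
    except ValueError:
        return True
    return False

# Constructed samples (not real traffic): the registration POST from the text,
# and a GET carrying a placeholder bearer token in the Authorization header.
REGISTER_BODY = b'{"username": "alice", "email": "alice@example.test", "password": "pw"}'
SAMPLE_POST = (
    b"POST /users HTTP/1.1\r\n"
    b"Host: api.example.test\r\n"
    b"Content-Type: application/json\r\n"
    + b"Content-Length: %d\r\n\r\n" % len(REGISTER_BODY)
    + REGISTER_BODY
)
SAMPLE_GET = b"GET /users/42 HTTP/1.1\r\nHost: api.example.test\r\nAuthorization: Bearer PLACEHOLDER-TOKEN\r\n\r\n"
```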

HTTP RESPONSE

After receiving a request from a client, the server interprets the request, processes it and returns a response to the client. The server only returns an HTTP response in reaction to a client request.

The HTTP response consists of:

  1. The version of the HTTP protocol.
  2. The status code.
  3. The status message.
  4. The HTTP headers.

Status Code: Status codes are issued by the server and returned as a part of the response to explain the server's reaction to the request. Status codes indicate whether the request failed or succeeded. Status codes are classified into five major categories:

  1. Informational responses (100-199): This usually means the request has been received but the server is still processing it.
  2. Successful responses (200-299): This means the request was successfully received, interpreted and processed. The 201 status code is usually returned after a new resource has been created; for example, it is returned after a new user has been successfully registered on the server. The 200 status code is the default "OK" response from the server.
  3. Redirection responses (300-399): These status codes indicate that further action is needed to complete the request. They are usually returned when the request has multiple possible responses or the resource the client is requesting has been moved.
  4. Client errors (400-499): These responses are usually returned when the server does not understand the request the client sent. This can be the result of invalid syntax or of the user not being authorized to access the requested resource. Status codes in this range can also be returned when the client used the wrong method when sending the request. An unsupported media type can also prompt the server to return such a status code. The 400 status code is returned in the case of invalid syntax. The server returns the 401 status code when the user is not authorized to access the requested resource. The 415 status code means the media type sent in the request is not supported by the server.
  5. Server errors (500-599): These status codes are returned when the server fails to process or resolve a valid request. They indicate that the server could not fulfil the request because of an internal error. This can be the result of a timeout on the server, or of the server being temporarily unavailable. Most of the time, when a server returns a status code in this range, the problem lies with the server.

Custom status codes can also be returned by a server. Any status code that does not fall in one of the ranges listed above is custom to that software and is a non-standard response.
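The status line and the five classes above, as an added example that is not part of the original article. It parses the status line into the version, code and message the text lists, names the class of a code (anything outside 100-599 is reported as non-standard, as the previous paragraph says), and goes one step beyond the text: a client that meets a code it does not recognise should treat it like the x00 code of its class, and a tally of classes over a batch of status lines is how a burst of client or server errors is spotted. The sample status lines are constructed.

```python
STATUS_CLASSES = {1: "informational", 2: "success", 3: "redirection",
                  4: "client error", 5: "server error"}

def parse_status_line(line: str) -> tuple:
    """Split 'HTTP/1.1 201 Created' into (version, code, reason)."""
    parts = line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError(f"malformed status line: {line!r}")
    code = parts[1]
    if len(code) != 3 or not code.isdigit():
        raise ValueError(f"status code must be three digits: {code!r}")
    reason = parts[2] if len(parts) == 3 else ""   # the status message is optional
    return parts[0], int(code), reason

def classify(code: int) -> str:
    """Name the class a code belongs to; anything outside 100-599 is non-standard."""
    return STATUS_CLASSES.get(code // 100, "non-standard")

def fallback(code: int) -> int:
    """A client that does not recognise a code treats it like the x00 code of its
    class (415 -> 400); a non-standard code has no class to fall back on."""
    if classify(code) == "non-standard":
        raise ValueError(f"no standard class for status {code}")
    return (code // 100) * 100

def tally(status_lines) -> dict:
    """Count responses per class over a batch of status lines (for example a slice
    of an access log), so that an unusual share of errors stands out."""
    counts = {}
    for line in status_lines:
        cls = classify(parse_status_line(line)[1])
        counts[cls] = counts.get(cls, 0) + 1
    return counts

# Constructed sample status lines (not taken from a real server).
SAMPLE_STATUS_LINES = [
    "HTTP/1.1 200 OK",
    "HTTP/1.1 201 Created",
    "HTTP/1.1 301 Moved Permanently",
    "HTTP/1.1 401 Unauthorized",
    "HTTP/1.1 415 Unsupported Media Type",
    "HTTP/1.1 503 Service Unavailable",
    "HTTP/1.1 799 Vendor Specific",
]
```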

HTTP is probably the most widely used protocol for communication on the web. The issue with the HTTP protocol is that information exchanged between the client and the server is written in plain text. This might not be a problem for most websites, but in a situation where a user's personal details are being exchanged, it becomes an issue. Personal and sensitive data like names, passwords, addresses and credit card numbers should not be exchanged in plain text over the internet. Hackers can disguise themselves and unlawfully gain access to such data. This major concern was the reason for the HTTPS protocol.

HTTPS stands for Secure Hypertext Transfer Protocol. It is a version of HTTP with a security feature. HTTPS encrypts the data exchanged between the server and the client over the web. This makes data transferred over the web unreadable to hackers. It does this by using algorithms that encrypt the data before it is exchanged over the web. HTTPS protects the user's information and makes it inaccessible to hackers or unauthorized parties. Browsers identify the kind of protocol being used for the exchange by the 'https' or 'http' prefix of the address. Some browsers also flag websites using just HTTP as not secure. Be sure a website uses the secure HTTPS protocol before entering sensitive data like credit card numbers. A lot of web browsers also indicate that the secure HTTPS is being used with a 'padlock' icon just before the link.

The secure HTTPS protocol protects the data by using either:

  1. SSL (Secure Sockets Layer)
  2. TLS (Transport Layer Security)

SSL works by the website requesting an SSL certificate to authenticate the identity of the website when it is visited. The certificate is used to identify the website and make sure it is secure and trustworthy. It is the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems.

TLS is an upgraded version of SSL. Like SSL, it authenticates the server to confirm its identity and encrypts the data transferred.
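What "authenticates the server" means on the client side, as an added example that is not part of the original article. A Python TLS client context is configured to do what the padlock implies: the server's certificate chain and host name are checked before any data is sent, and old SSL/TLS versions are refused. A second context with verification switched off, a common mistake in scripts, is built only so that the checking function has something to flag. It uses the standard library ssl module and no network connection.

```python
import ssl

def make_client_context() -> ssl.SSLContext:
    """Client-side TLS context that authenticates the server the way the
    browser padlock implies: certificate chain and host name are both checked."""
    ctx = ssl.create_default_context()            # loads the system CA store
    ctx.check_hostname = True                      # certificate must name the host
    ctx.verify_mode = ssl.CERT_REQUIRED            # unverifiable server: handshake fails
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # SSL 3.0, TLS 1.0 and 1.1 refused
    return ctx

def make_unverified_context() -> ssl.SSLContext:
    """The weak setting found in many scripts: verification switched off, so any
    server, including one impersonating the real site, is accepted. Built here
    only to give context_problems() something to report."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False     # must be cleared before verify_mode can be lowered
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def context_problems(ctx: ssl.SSLContext) -> list:
    """List the ways a context fails to authenticate the server; empty means it is sound."""
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("certificate not verified")
    if not ctx.check_hostname:
        problems.append("host name not checked")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        problems.append("legacy protocol versions allowed")
    return problems

def url_may_carry_secrets(url: str) -> bool:
    """The rule from the text: only an https:// address should receive passwords
    or card numbers."""
    return url.strip().lower().startswith("https://")
```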