I. Cookie

  1. What a Cookie is:

HTTP is stateless: each request ends when its response is delivered, and neither the server nor the client keeps any link information between requests. Cookies let the client store a small piece of data and send it back to the server with every later request, which amounts to persisting that data across requests; the server can then process each request according to what the Cookie carries.

  2. How cookies are set
    1. When a client sends its first request, the server does not know who it is. The server therefore generates a unique value in "key=value" format and places it in the Set-Cookie header of the response. The browser stores the Cookie when it receives the response
    2. When the client sends its next request, it places the previously stored Cookie in the Cookie request header. The server recognizes the client from the unique value and processes the request accordingly
    3. The stored cookies can be inspected in the browser's developer tools
  3. Attributes associated with cookies
    1. Cookie validity period:
      • Expires: the expiration time. Sets a specific point in time at which the Cookie expires
      • Max-Age: the survival time. Sets the number of seconds after which the Cookie expires, like a shelf life
      • When both are present, Max-Age takes precedence over Expires
    2. Cookie scope:
      • Domain: the domain for which the Cookie takes effect
      • Path: the path under which the Cookie takes effect
      • The browser checks the request's host and path against these before sending a Cookie. If they do not match, the browser does not add the Cookie to the request headers
    3. Cookie security:
      • HttpOnly: the Cookie may only be transmitted in HTTP requests and cannot be read by browser scripts, so script-based theft of the Cookie (XSS) does not work
      • SameSite: set to "Strict", the Cookie is never sent on cross-site requests; set to "Lax", it is still sent on cross-site navigations that use safe methods such as GET/HEAD, but not on POST (the defence against CSRF/XSRF)
      • Secure: the Cookie may only be transmitted over encrypted HTTPS connections
  4. What cookies are used for
    1. Identification: after a user logs in to a website, a Cookie represents that user. On subsequent requests the server reads the Cookie to know which user is operating
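The two sides of the mechanism above, as an added example that is not part of the original notes: the server renders a Set-Cookie value with the validity, scope and security attributes, and the browser decides, per request, whether a stored Cookie passes the domain/path, Secure and SameSite checks and belongs in the Cookie header. The Cookie dataclass, the helper names and the sample cookies (host example.com, names sid and theme) are constructed for this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Hypothetical cookie model (added example, not the notes' own code).
@dataclass
class Cookie:
    name: str
    value: str
    domain: Optional[str] = None   # None = host-only cookie (no Domain attribute)
    path: str = "/"
    secure: bool = False
    http_only: bool = False
    same_site: str = "Lax"         # "Strict", "Lax" or "None"
    max_age: Optional[int] = None  # seconds
    expires: Optional[datetime] = None

def set_cookie_header(c: Cookie) -> str:
    """Render the value the server puts in its Set-Cookie response header."""
    parts = [f"{c.name}={c.value}"]
    if c.expires is not None:
        parts.append("Expires=" + c.expires.strftime("%a, %d %b %Y %H:%M:%S GMT"))
    if c.max_age is not None:
        parts.append(f"Max-Age={c.max_age}")
    if c.domain:
        parts.append(f"Domain={c.domain}")
    parts.append(f"Path={c.path}")
    if c.secure:
        parts.append("Secure")
    if c.http_only:
        parts.append("HttpOnly")
    parts.append(f"SameSite={c.same_site}")
    return "; ".join(parts)

def expiry(c: Cookie, received_at: datetime) -> Optional[datetime]:
    """Max-Age wins over Expires when both are set; neither means a session cookie."""
    if c.max_age is not None:
        return received_at + timedelta(seconds=c.max_age)
    return c.expires

def domain_matches(host: str, c: Cookie, set_by_host: str) -> bool:
    if c.domain is None:
        return host.lower() == set_by_host.lower()   # host-only cookie
    d = c.domain.lstrip(".").lower()
    host = host.lower()
    return host == d or host.endswith("." + d)

def path_matches(request_path: str, cookie_path: str) -> bool:
    if request_path == cookie_path:
        return True
    if cookie_path.endswith("/"):
        return request_path.startswith(cookie_path)
    return request_path.startswith(cookie_path + "/")

def should_send(c: Cookie, *, host: str, path: str, https: bool, set_by_host: str,
                cross_site: bool, method: str = "GET", top_level: bool = True) -> bool:
    """The browser's decision whether a stored cookie is attached to a request."""
    if not domain_matches(host, c, set_by_host) or not path_matches(path, c.path):
        return False
    if c.secure and not https:
        return False
    if cross_site:
        if c.same_site == "Strict":
            return False
        if c.same_site == "Lax" and not (top_level and method in ("GET", "HEAD")):
            return False
    return True

def cookie_header(cookies, **ctx) -> str:
    """Build the Cookie request header from the cookies that pass should_send."""
    return "; ".join(f"{c.name}={c.value}" for c in cookies if should_send(c, **ctx))

# Constructed samples: a hardened login cookie and a plain preference cookie.
SESSION = Cookie("sid", "abc123", secure=True, http_only=True, same_site="Strict", max_age=3600)
PREF = Cookie("theme", "dark", domain="example.com", path="/shop")
ISSUED_AT = datetime(2024, 1, 1)
```

Note that SESSION is never attached to a plain-HTTP request or to any cross-site request, while PREF follows the looser Lax rule and is shared with subdomains of example.com but only under /shop.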

II. Cache

  1. What a cache is:

Because fetching an HTTP resource is expensive, data that has already been obtained can be cached and used directly on the next request instead of being requested again, and refreshed when appropriate. This lets the client respond with the data much faster.

  2. How caching works:

The browser sends a request for a server resource. The server returns the resource and marks its validity period. The browser stores the resource and reuses it as long as it is still within that period.

  3. How the cache is controlled:
    1. Both the server's and the browser's messages carry a Cache-Control header for this purpose
      • max-age: the shelf life of the resource (similar to cookies). It is counted from the moment the response message was created
      • no-store: the response must not be cached at all
      • no-cache: the response may be cached, but the cached copy must be revalidated with the server before each use
      • must-revalidate: the cached copy may be used while it is still within its validity period; once it expires it must be revalidated before reuse
    2. Conditional requests: Cache-Control governs when cached data is refreshed; conditional requests govern how cached data is reused
      • If-Modified-Since: the client sends the Last-Modified time it previously received to the server, and the server compares it with the resource's actual last-modified time. If they are the same, the server returns 304 (redirecting the browser to its cache) and the client displays the cached copy directly. If they differ, the server returns 200 with the new resource, which the client caches
      • ETag: a unique resource identifier issued by the server, used to solve the problem that a modification time alone cannot reliably tell whether a file has actually changed
      • If-None-Match: the server returns an ETag with the first response. On the next request the client puts that ETag into the If-None-Match header, and the server compares it with the resource's current ETag and responds 304 or 200 accordingly
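The exchange above from the origin server's side, as an added example that is not part of the original notes: a Cache-Control parser, the browser-side freshness check for max-age / no-store / no-cache, and a request handler that answers If-None-Match and If-Modified-Since with 304 or 200. The resource body, its modification date and the clock value are constructed sample data; the function names are this example's own.

```python
import hashlib
from datetime import datetime, timezone
from email.utils import format_datetime, parsedate_to_datetime

# Constructed sample resource served by a hypothetical origin (not from the notes).
RESOURCE = {
    "body": b"<h1>hello</h1>",
    "last_modified": datetime(2024, 1, 1, tzinfo=timezone.utc),
}
SAMPLE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # constructed clock

def etag_for(body: bytes) -> str:
    """A strong ETag derived from the content, so any byte change changes the tag."""
    return '"' + hashlib.sha256(body).hexdigest()[:16] + '"'

def parse_cache_control(value: str) -> dict:
    """'max-age=60, no-cache' -> {'max-age': 60, 'no-cache': True}"""
    out = {}
    for token in value.split(","):
        token = token.strip().lower()
        if not token:
            continue
        if "=" in token:
            key, raw = token.split("=", 1)
            raw = raw.strip('" ')
            out[key.strip()] = int(raw) if raw.isdigit() else raw
        else:
            out[token] = True
    return out

def is_fresh(cache_control: str, age_seconds: int) -> bool:
    """Browser side: may the stored copy be reused without asking the server?"""
    cc = parse_cache_control(cache_control)
    if "no-store" in cc or "no-cache" in cc:   # no-cache: revalidate on every use
        return False
    if "max-age" not in cc:
        return False
    return age_seconds < cc["max-age"]

def handle_request(req_headers: dict, resource: dict, now: datetime):
    """Origin side: evaluate the conditional headers; returns (status, headers, body)."""
    req = {k.lower(): v for k, v in req_headers.items()}
    etag = etag_for(resource["body"])
    last_modified = resource["last_modified"]
    headers = {
        "ETag": etag,
        "Last-Modified": format_datetime(last_modified, usegmt=True),
        "Cache-Control": "max-age=60, must-revalidate",
        "Date": format_datetime(now, usegmt=True),
    }
    if "if-none-match" in req:
        # The ETag check decides on its own when both conditions are sent.
        candidates = [t.strip() for t in req["if-none-match"].split(",")]
        if "*" in candidates or etag in candidates:
            return 304, headers, b""
        return 200, headers, resource["body"]
    if "if-modified-since" in req:
        try:
            if last_modified <= parsedate_to_datetime(req["if-modified-since"]):
                return 304, headers, b""
        except (TypeError, ValueError):
            pass   # unparsable date: ignore the condition and send the full response
    return 200, headers, resource["body"]
```

The 304 response carries the validators and Cache-Control again but no body, which is the whole saving; a client that sends a garbage If-Modified-Since value simply gets the full 200 response.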

III. HTTP proxy server

  1. What a proxy is:

Because the proxy sits in the middle of the HTTP exchange, it hides the real clients from the upstream side and the real servers from the downstream side. This gives the HTTP protocol extra flexibility and benefits clients and servers alike.

  2. What a proxy does
    1. Load balancing: the proxy faces the client, and several servers behind it can handle the request. Under heavy concurrent load the proxy uses a load balancing algorithm to spread requests evenly over all servers and avoid any one of them backing up. Common load balancing algorithms are:
      • Random: pick a server at random
      • Weighted random: assign each server a weight, then pick at random in proportion to the weights
      • Round robin: hand requests to each server in turn, regardless of the actual number of connections per server or the overall system load
      • Weighted round robin: assign each server a weight, then take turns in proportion to the weights
      • Source address hash: hash the client's IP address and map it to a server, so requests from the same client are always answered by the same server
      • Least connections: dynamically pick the server with the smallest backlog of requests
    2. Heartbeat checks: monitor the servers continuously and temporarily remove a faulty one from the cluster to keep the cluster stable
    3. Security protection: filter or rate-limit by IP address or traffic volume to protect the back-end servers
    4. Data filtering: intercept upstream and downstream traffic and modify requests and responses according to policy
    5. Content caching: cache responses from the servers
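The load balancing algorithms listed above, implemented as small interchangeable selectors; this is an added example and not code from the original notes. The server names app1..app3, their weights and the client addresses are constructed for the example; each selector exposes pick(client_ip) so they can be swapped into the same distribute() loop.

```python
import hashlib
import itertools
import random

# Constructed server pool (hypothetical names, not from the notes).
SERVERS = ["app1", "app2", "app3"]
WEIGHTS = {"app1": 3, "app2": 1, "app3": 1}

class RoundRobin:
    """Each server in turn, ignoring how busy it is."""
    def __init__(self, servers):
        self._cycle = itertools.cycle(list(servers))
    def pick(self, client_ip=None):
        return next(self._cycle)

class WeightedRoundRobin:
    """Round robin where a server with weight w gets w turns per cycle."""
    def __init__(self, weights):
        self._cycle = itertools.cycle([s for s, w in weights.items() for _ in range(w)])
    def pick(self, client_ip=None):
        return next(self._cycle)

class WeightedRandom:
    """Random choice with probability proportional to weight."""
    def __init__(self, weights, rng=None):
        self._servers = list(weights)
        self._weights = [weights[s] for s in self._servers]
        self._rng = rng or random.Random()
    def pick(self, client_ip=None):
        return self._rng.choices(self._servers, weights=self._weights, k=1)[0]

class SourceHash:
    """Hash the client IP so the same client always lands on the same server."""
    def __init__(self, servers):
        self._servers = list(servers)
    def pick(self, client_ip):
        h = int.from_bytes(hashlib.sha256(client_ip.encode()).digest()[:8], "big")
        return self._servers[h % len(self._servers)]

class LeastConnections:
    """Dynamic choice: the server with the fewest requests in flight."""
    def __init__(self, servers):
        self.active = {s: 0 for s in servers}
    def pick(self, client_ip=None):
        server = min(self.active, key=self.active.get)  # ties go to the earliest server
        self.active[server] += 1
        return server
    def release(self, server):
        self.active[server] -= 1

def distribute(balancer, client_ips):
    """Route one request per client IP; return how many requests each server got."""
    counts = {}
    for ip in client_ips:
        s = balancer.pick(ip)
        counts[s] = counts.get(s, 0) + 1
    return counts

def least_connections_demo():
    """Three requests in flight, app2 finishes, so the next request goes to app2."""
    lb = LeastConnections(SERVERS)
    first = [lb.pick() for _ in range(3)]
    lb.release("app2")
    return first, lb.pick()

def weighted_random_demo(n=1000, seed=1):
    """Request counts per server for n requests with a seeded RNG (constructed)."""
    return distribute(WeightedRandom(WEIGHTS, random.Random(seed)), ["client"] * n)
```

Only SourceHash looks at the client address, and only LeastConnections needs feedback (release) from the servers; the other three are stateless apart from their position in the cycle.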
  3. Header fields related to proxies:
    1. Via: every proxy the message passes through appends its own information (domain name / host name) to this field
    2. X-Forwarded-For: like Via, but each proxy appends an IP address, namely the address it received the request from
    3. X-Real-IP: carries the real IP address of the original client
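The three headers above in practice, as an added example that is not part of the original notes: each proxy hop appends itself to Via and its peer to X-Forwarded-For, and the application recovers the real client by walking X-Forwarded-For from the right and skipping only the proxies it trusts, since everything to the left of the first untrusted hop was written by the client and can be anything. The trusted network 10.0.0.0/8, the proxy names edge and inner, and the addresses 203.0.113.7, 10.0.0.5 and 10.0.0.9 are constructed for the example.

```python
import ipaddress

# Constructed trust list: the proxies this application sits behind (hypothetical).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]

def is_trusted(addr: str, trusted=TRUSTED_PROXIES) -> bool:
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False           # garbage in the header is never a trusted hop
    return any(ip in net for net in trusted)

def proxy_forward(headers: dict, proxy_name: str, peer_ip: str) -> dict:
    """One proxy hop: append itself to Via and the address it received the
    request from to X-Forwarded-For, then pass the headers on."""
    via = f"1.1 {proxy_name}"
    headers["Via"] = f"{headers['Via']}, {via}" if headers.get("Via") else via
    headers["X-Forwarded-For"] = (f"{headers['X-Forwarded-For']}, {peer_ip}"
                                  if headers.get("X-Forwarded-For") else peer_ip)
    return headers

def real_client_ip(peer_ip: str, xff: str, trusted=TRUSTED_PROXIES) -> str:
    """Walk X-Forwarded-For right to left, skipping hops we trust; the first
    untrusted address is the client. If the TCP peer itself is not a trusted
    proxy, the header is ignored entirely and the peer is the client."""
    hops = [h.strip() for h in xff.split(",") if h.strip()] if xff else []
    candidate = peer_ip
    for hop in reversed(hops):
        if not is_trusted(candidate, trusted):
            break
        candidate = hop
    return candidate

def set_x_real_ip(headers: dict, peer_ip: str, trusted=TRUSTED_PROXIES) -> dict:
    """Last hop before the application: pin the computed client address into X-Real-IP."""
    headers["X-Real-IP"] = real_client_ip(peer_ip, headers.get("X-Forwarded-For", ""), trusted)
    return headers

def chain_demo() -> dict:
    """Client 203.0.113.7 -> edge (10.0.0.5) -> inner (10.0.0.9) -> app (constructed)."""
    h = proxy_forward({}, "edge", "203.0.113.7")   # edge sees the client directly
    h = proxy_forward(h, "inner", "10.0.0.5")       # inner sees the edge proxy
    return set_x_real_ip(h, peer_ip="10.0.0.9")     # app sees the inner proxy
```

The trust list is the important part: a value of X-Forwarded-For that arrives directly from an untrusted peer is never believed, and a spoofed entry prepended by the client is skipped because the walk stops at the first address that is not one of our own proxies.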
  4. Proxy cache control:
    1. private: only the client may cache the response, not a shared proxy cache
    2. public: the response may be cached by anyone, clients and proxies alike
    3. must-revalidate: once the cached copy expires, it must be checked with the origin server before it is used again
    4. proxy-revalidate: the proxy's cached copy must be revalidated after it expires; the client only needs to check with the proxy
    5. s-maxage: the validity period of the cached copy on a shared (proxy) cache
    6. no-transform: the proxy must not modify the data it caches (no "optimizing" of the content)
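The directives above as decisions a cache has to make, as an added example that is not part of the original notes: whether a response may be stored at all, which lifetime applies, whether a stale copy may still be served, and whether the content may be altered. The only difference between a browser cache and a proxy cache is the shared flag; the function names and the sample header values are constructed for this example.

```python
def directives(cache_control: str) -> dict:
    """Split 'private, max-age=60' into {'private': True, 'max-age': '60'}."""
    toks = [t.strip().lower() for t in cache_control.split(",") if t.strip()]
    return {t.split("=", 1)[0]: (t.split("=", 1)[1].strip('"') if "=" in t else True)
            for t in toks}

def may_store(cache_control: str, shared: bool) -> bool:
    """May this cache (shared=True for a proxy, False for a browser) keep the response?"""
    d = directives(cache_control)
    if "no-store" in d:
        return False
    if shared and "private" in d:      # private: the user's own browser only
        return False
    return True

def freshness_lifetime(cache_control: str, shared: bool):
    """Seconds the copy stays fresh; s-maxage overrides max-age on a shared cache."""
    d = directives(cache_control)
    if shared and "s-maxage" in d:
        return int(d["s-maxage"])
    if "max-age" in d:
        return int(d["max-age"])
    return None                         # no explicit lifetime given

def may_serve_stale(cache_control: str, shared: bool) -> bool:
    """After expiry, may the copy be reused without revalidating with the origin?"""
    d = directives(cache_control)
    if "must-revalidate" in d:          # applies to every cache
        return False
    if shared and "proxy-revalidate" in d:   # applies to proxy caches only
        return False
    return True

def may_transform(cache_control: str) -> bool:
    """May the proxy alter the cached content (re-encode, recompress, ...)?"""
    return "no-transform" not in directives(cache_control)

def cache_policy(cache_control: str, shared: bool) -> dict:
    """Everything a cache needs to decide for one response, in one place."""
    return {
        "store": may_store(cache_control, shared),
        "lifetime": freshness_lifetime(cache_control, shared),
        "serve_stale": may_serve_stale(cache_control, shared),
        "transform": may_transform(cache_control),
    }
```

A personalized page marked private, max-age=600 is therefore kept by the browser for ten minutes but never by a proxy, while public, s-maxage=30, max-age=600 lets a proxy keep it for thirty seconds and the browser for ten minutes.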
