All web communications use the same protocol HTTP. Latest version of HTTP is 1.1 released in 1999. A HTTP communication consists of two phases: a request (from client to server) and a response (from server to client). In both the request and response phases, the unit of communication contains two parts: one is the header and the other is the body part.
The format for a HTTP request is shown below:
HTTP-request-method Resource-path HTTP-version
Body of the request
Among the HTTP request methods mentioned above, GET and POST are the most frequently used methods. After the first line, the request message contains request header, which contains different fields known as the header fields. Each header field is a key-value pair. The format of a header field is header field name followed by a colon and a value.
Some of the frequently used header fields are: Accept (which specifies the MIME types supported by the browser), Host (which specifies the name of the host), Content-length (which specifies the no of characters in the body of the request message).
Below is an example which shows a live example of HTTP request message and HTTP response messages:
The general format of a HTTP response is shown below:
Body of the response
The status line contains information like HTTP version, Status code and Short message corresponding to the status code. Well known status codes and corresponding status messages are 200 (success), 301 (redirection), 404 (Page not found) and 500 (Internal server error).
After the first line (status line), a response message contains a set of fieldswhich is known as the response header. Frequently used fields in the response header are: Server (which specifies information about the web server), Last-modified (which specifies the date on which the requested resource was last modified), Content-length (which specifies the length of the content in the body of the response message) and Content-type (which specifies the MIME type of the content in the body part of the response message).
Difference between HTTP GET and POST:
Although the HTTP and GET and POST can be used to send requests (data) to a web server, there are some subtle yet, important differences between them which are specified below:
- The data sent through GET request can be seen by the user in the address bar of the browser, as the data will be sent as a query string. In a POST request, the data sent by the user is hidden.
- HTTP GET is less secure (refer to the first difference) when compared to HTTP POST.
- Web servers will have limited buffer size (typically 512 bytes) for receiving the query string sent by the user using HTTP GET. If data sent by the user exceeds the buffer size, the data may be truncated or the server might crash or the server might be led to run some hidden code as part of the query string data. The last case is the so-called buffer overflow problem, a common way used by the hackers to take control of the servers and spread virus and worms. There are no restrictions on the amount of data that can be sent using HTTP POST.