Sessions
HTTP is a network transmission protocol that transfers hypertext files. It provides instructions
for communication between the client and the server. HTTP runs on the Transmission Control
Protocol/Internet Protocol (TCP/IP) suite, which is the foundation protocol suite for the Internet.
### Structure of an HTTP Message
An HTTP header carries the instructions used to transfer information between a Web client and a Web server. The instruction can be either a request sent by the client to the server for some resource or a response from the server to a client request. There are two types of headers, namely request headers and response headers.
The format for request and response headers is similar and contains the following components:
- A request or a response line
- HTTP header lines
- A blank line
- A message body, which is optional
The format of an HTTP message is as follows:
```
<initial line, different for request vs. response>
Header1: value1
Header2: value2
Header3: value3
<blank line>
<optional message body, like file contents or query data>
```
### Initial Request or Response Line
The first part of an HTTP header, which is a request or a response line, differs in format between requests and responses.
A request line contains the following information separated by spaces:
- An HTTP method name
- The address or path of the requested resource. It is also called the Uniform Resource Identifier (URI)
- The HTTP version being used
The following code snippet displays an initial line with a request message:
```
GET /sample.html HTTP/1.1
```
The code uses the HTTP method, GET, to request the sample.html file for an HTTP client of version 1.1. The HTTP version is always specified in the upper-case format 'HTTP/x.x'.
A response line consists of the following three components separated by spaces:
- The HTTP version
- A response code indicating the result of the request
- An English phrase describing the response code

The following code snippet displays an initial line with a response message:
```
HTTP/1.0 500 Internal Server Error
```
where,
HTTP/1.0 - specifies the HTTP version
500 - specifies the response code
Internal Server Error - specifies the description of the response code
### Header Lines
The header lines provide information about the request or response or the data sent in the message
body.
The syntax for a header line is as follows:
```
Header-Name: value
```
HTTP headers are classified into the following categories:
Is used to control the processing of a message and provide extra information to the
receiver. They are not specific to any request or response message.
Provides information about the entity, if present in the body of a request.
Provides the server with details about the client's request and enables the
client to have control on the processing of requests. On receiving the request, the server returns
the response header attached with the response being sent. The headers are specific for request
or response messages.
The following code snippet displays HTTP header lines:
```
GET /sample.html HTTP/1.1
User-agent: Mozilla/4.0
Last-Modified: Mon, 11 Apr 2011 23:07:07 GMT
Accept-Language: en

[ blank line above ]
```
where,
GET /sample.html HTTP/1.1 - is the initial request line that specifies GET as the method, the requested file name and the version of HTTP used
User-agent: Mozilla/4.0 - is a header line that specifies the name of the browser and the version
Last-Modified: Mon, 11 Apr 2011 23:07:07 GMT - is a header line that specifies the date and time when the resource was last modified
Accept-Language: en - is a header line that specifies the language preference as English
The third, optional component of an HTTP message is the message body, which appears after the header lines. In a response message, the requested resource is returned to the client in the message body. In a request message, the message body contains the user data and uploaded files that are sent to the server.
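The message layout described above (initial line, header lines, blank line, optional body) can be checked with a small parser. This is an added example, not code from the original page; the function name `parse_http_message`, the sample messages and the `Content-Type` header in the response are constructed for illustration.

```python
def parse_http_message(raw: bytes) -> dict:
    """Split one HTTP/1.x message into initial line, headers and body."""
    # The first blank line (CRLF CRLF) ends the header section.
    head, blank, body = raw.partition(b"\r\n\r\n")
    if not blank:
        raise ValueError("no blank line after the header lines")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) != 3:
        raise ValueError("initial line needs three space-separated parts")
    if parts[0].startswith("HTTP/"):
        # Response line: version, response code, reason phrase
        if not (len(parts[1]) == 3 and parts[1].isdecimal()):
            raise ValueError("response code must be three digits")
        msg = {"kind": "response", "version": parts[0],
               "code": int(parts[1]), "phrase": parts[2]}
    elif parts[2].startswith("HTTP/"):
        # Request line: method, URI, version
        msg = {"kind": "request", "method": parts[0],
               "uri": parts[1], "version": parts[2]}
    else:
        raise ValueError("initial line carries no HTTP/x.x version")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # Reject names with surrounding whitespace (this also rejects folded
        # continuation lines): parsers that disagree on such lines are a
        # known source of request-smuggling bugs.
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        # Header names are case-insensitive; keep repeated headers in order.
        headers.setdefault(name.lower(), []).append(value.strip())
    msg.update(headers=headers, body=body)
    return msg

# Constructed sample messages built from the snippets on this page.
REQUEST = (b"GET /sample.html HTTP/1.1\r\n"
           b"User-agent: Mozilla/4.0\r\n"
           b"Accept-Language: en\r\n"
           b"\r\n")
RESPONSE = (b"HTTP/1.0 500 Internal Server Error\r\n"
            b"Content-Type: text/plain\r\n"
            b"\r\n"
            b"something broke")

if __name__ == "__main__":
    for sample in (REQUEST, RESPONSE):
        print(parse_http_message(sample))
```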
In PHP, the header() function is used to generate HTTP headers. The header() function sends the HTTP commands to the server through the HTTP protocol. After the execution of the header() function, it displays a blank line showing that the header information is complete.
To use the header() function, the syntax is as follows:
```
void header( string string [,bool replace [,int http_response_code]] )
```
where,
string - is a required parameter and specifies the header string to be sent
replace - is an optional parameter. Indicates whether the header should replace the previous header or add a second header.
The following code snippet displays the use of an authentication header:
```php
<?php
header('WWW-Authenticate: Negotiate');
?>
```
Authentication helps to identify whether a client is allowed access to a resource. It is a means of negotiating access to a secure resource.
The initial request from a client will not contain any authentication information. An HTTP server application can deny the request, indicating that authentication is required. The server application then sends WWW-Authenticate headers with the supported authentication schemes. The commonly used authentication schemes are as follows:
sends an encoded string that contains a user name and password
for the client
is a challenge-response scheme. The server sends a data string
to the client as a challenge. The client responds with a user name and password, among other
additional information.
is a challenge-response scheme that uses Windows credentials to
transform the challenge data instead of sending the unencoded user name and password details.
This scheme requires multiple exchanges between the client and server.
Negotiate has the following protocols:
- Kerberos
- NT LAN Manager (NTLM)
The Negotiate scheme selects between Kerberos and NTLM depending on their availability.
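The exchange described above, in which the first request carries no credentials, the server denies it with a challenge and the client retries, is shown here for the scheme that sends an encoded user name and password (HTTP Basic, which uses Base64). This is an added example, not code from the original page; the function names, the demo account and the realm are assumptions, and header lookup is simplified to an exact-case dictionary key.

```python
import base64
import hmac

# Constructed demo account and realm (assumptions, not from the page).
USERS = {"alice": "s3cret-demo"}
CHALLENGE = {"WWW-Authenticate": 'Basic realm="demo"'}

def handle_request(headers: dict) -> tuple:
    """Return (status code, response headers) for one incoming request."""
    auth = headers.get("Authorization")
    if auth is None:
        # Initial request: no credentials, so deny and name the scheme.
        return 401, CHALLENGE
    scheme, _, token = auth.partition(" ")
    if scheme.lower() != "basic":
        return 401, CHALLENGE
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except ValueError:  # covers bad Base64 and bad UTF-8
        return 400, {}
    user, colon, password = decoded.partition(":")
    expected = USERS.get(user)
    # compare_digest runs in constant time, so response timing does not
    # reveal how much of a guessed password was correct.
    match = hmac.compare_digest(password.encode(), (expected or "").encode())
    if colon and expected is not None and match:
        return 200, {}
    return 401, CHALLENGE

def client_credentials(user: str, password: str) -> dict:
    """Build the header a client sends when it retries after a 401."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode("ascii")
    return {"Authorization": f"Basic {token}"}

def observed_credentials(headers: dict) -> str:
    """What any reader of the request recovers: encoding is not encryption."""
    token = headers["Authorization"].split(" ", 1)[1]
    return base64.b64decode(token).decode("utf-8")

if __name__ == "__main__":
    print(handle_request({}))
    retry = client_credentials("alice", "s3cret-demo")
    print(handle_request(retry))
    print(observed_credentials(retry))
```

Because the credentials are only encoded, this scheme protects them only when the connection itself is encrypted with TLS.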