Please Whitelist This Site?

I know everyone hates ads. But please understand that I am providing premium content for free that takes hundreds of hours of time to research and write. I don't want to go to a pay-only model like some sites, but when more and more people block ads, I end up working for free. And I have a family to support, just like you. :)

If you like The TCP/IP Guide, please consider the download version. It's priced very economically and you can read all of it in a convenient format without ads.

If you want to use this site for free, I'd be grateful if you could add the site to the whitelist for Adblock. To do so, just open the Adblock menu and select "Disable on tcpipguide.com". Or go to the Tools menu and select "Adblock Plus Preferences...". Then click "Add Filter..." at the bottom, and add this string: "@@||tcpipguide.com^$document". Then just click OK.

Thanks for your understanding!

Sincerely, Charles Kozierok
Author and Publisher, The TCP/IP Guide


NOTE: Using software to mass-download the site degrades the server and is prohibited.
If you want to read The TCP/IP Guide offline, please consider licensing it. Thank you.

The Book is Here... and Now On Sale!

Searchable, convenient, complete TCP/IP information.
The TCP/IP Guide

Custom Search







Table Of Contents  The TCP/IP Guide
 9  TCP/IP Application Layer Protocols, Services and Applications (OSI Layers 5, 6 and 7)
      9  TCP/IP Key Applications and Application Protocols
           9  TCP/IP File and Message Transfer Applications and Protocols (FTP, TFTP, Electronic Mail, USENET, HTTP/WWW, Gopher)
                9  TCP/IP World Wide Web (WWW, "The Web") and the Hypertext Transfer Protocol (HTTP)
                     9  TCP/IP Hypertext Transfer Protocol (HTTP)
                          9  HTTP Features, Capabilities and Issues

Previous Topic/Section
HTTP Security and Privacy
Previous Page
Pages in Current Topic/Section
1
23
Next Page
Gopher Protocol (Gopher)
Next Topic/Section

HTTP State Management Using "Cookies"
(Page 1 of 3)

Even though the modern Hypertext Transfer Protocol has a lot of capabilities and features, it is still, at its heart, a simple request/reply protocol. One of the unfortunate problems that results from this is that HTTP is entirely stateless. This means that each time a server receives a request from a client, it processes the request, sends a response, and then forgets about the request. The next request from the client is treated as independent of any previous ones.

Note: The persistent connection feature of HTTP/1.1 does not change the stateless nature of the protocol. Even though multiple requests and responses can be sent on a single TCP connection, they are still not treated as being related in any way.


So why is this a problem? Isn’t this what we would expect of a protocol designed to allow a client to quickly and efficiently retrieve resources from a server? Well, this is, yet again, another place where HTTP’s behavior was well-suited to its original intended uses, but not to how the Web is used today. Sure, if all we want to do is to say “hey server, please give me that file over there”, then the server doesn’t have to care about whether or not it may have previously provided that client with any other files in the past. This is how HTTP was originally intended to be used.

Today, as most of us know, the Web is much more than a simple resource-retrieval protocol. If you go to an online store, you want to be able to select a number of items to put into a “shopping cart”, and have the store’s server remember them. You might also want to participate in a discussion forum, which requires you to provide a user name and password in order to post a message. Ideally, the server should let you log in once and then remember who you are so you can post many messages without having to enter your login information each and every time. (I have used forums where the latter is required—it gets old very quickly, believe me.)

Cookies: Storing HTTP State Information

For these and other interactive applications, the stateless nature of HTTP is a serious problem. The solution was the addition of a new technology, called state management, that allows the state of a client session with a server to be maintained across a series of HTTP transactions. Initially developed by Netscape, this technique was later made a formal Internet standard in RFC 2109, later revised in RFC 2965 (HTTP State Management Mechanism). Note that this feature is actually not part of HTTP; it is an optional element, but one that has been implemented in pretty much all Web browsers due to its usefulness.

The idea behind state management is very simple. When a server implements a function that requires state to be maintained across a set of transactions, it sends a small amount of data to the Web client called a “cookie”. The cookie contains important information relevant to the particular Web application, such as a customer name, items in a shopping cart, or a user name and password. The client stores the information in the cookie, and then uses it in subsequent requests to the server that set the cookie. The server can then update the cookie based on the information in the new request and send it back to the client. In this manner, state information can be maintained indefinitely, allowing the client and server to have a “memory” that persists over a period of time.

Note: “Cookie” may seem an odd term, but is used in a few contexts to refer to a small piece of significant data—another example is found in the BOOTP/DHCP message format. Today, most knowledgeable Web users would blink at you if you mentioned the “HTTP state management mechanism” but they usually know what “cookies” are.



Previous Topic/Section
HTTP Security and Privacy
Previous Page
Pages in Current Topic/Section
1
23
Next Page
Gopher Protocol (Gopher)
Next Topic/Section

If you find The TCP/IP Guide useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider purchasing a download license of The TCP/IP Guide. Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $



Home - Table Of Contents - Contact Us

The TCP/IP Guide (http://www.TCPIPGuide.com)
Version 3.0 - Version Date: September 20, 2005

© Copyright 2001-2005 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.