Key Concepts of Web and Network Protocols: GET/POST, DNS, Idempotence, Cookies vs Session, TCP Handshake, HTTP, and HTTPS

GET and POST Differences

GET sends query strings in the URL (e.g., /test/demo_form.asp?name1=value1&name2=value2) and can be cached, stored in browser history, bookmarked, but should not be used for sensitive data and has length limits.

GET requests can be cached.

GET requests appear in browser history.

GET requests can be bookmarked.

GET should not be used for sensitive data.

GET has length restrictions.

GET is intended only for data retrieval.

POST sends data in the HTTP message body (e.g., POST /test/demo_form.asp HTTP/1.1 Host: w3schools.com name1=value1&name2=value2).

POST requests are not cached.

POST requests do not appear in browser history.

POST cannot be bookmarked.

POST has no length limitation for data.

Protocols Used by DNS

DNS uses both TCP and UDP.

UDP packets are limited to 512 bytes; larger queries trigger the TC flag and switch to TCP.

Zone transfers use TCP because they involve larger data volumes and require reliable delivery.

Typical name resolution uses UDP because most responses are under 512 bytes, avoiding the overhead of TCP's three‑way handshake.

Idempotence

An idempotent operation yields the same effect no matter how many times it is executed with the same parameters; idempotent functions return identical results without altering system state.

Cookies vs Session Differences

Cookies store small amounts of data on the client side (e.g., user ID, preferences) as text files, while a session is created on the server and identified by a session ID usually transmitted via a cookie.

The server tracks the user with a session ID; the client sends this ID back in subsequent requests using the Set‑Cookie header.

Causes of TCP Sticky (Coalescing) and Fragmentation

Application writes more bytes than the socket send buffer.

TCP segmentation based on MSS (Maximum Segment Size).

IP fragmentation when Ethernet payload exceeds the MTU.

Strategies to Solve TCP Sticky/Fragmentation

Fixed‑length messages (e.g., 100 bytes).

Delimiter characters at the end of each message (e.g., CRLF as in FTP).

Message header indicating length.

Complex protocols such as RTMP.

Three‑Way Handshake

1. Client sends SYN (syn=j) and enters SYN_SEND.

2. Server replies with SYN‑ACK (ack=j+1, syn=k) and enters SYN_RECV.

3. Client sends ACK (ack=k+1) and both sides reach ESTABLISHED.

Four‑Way Termination

Client sends FIN → FIN_WAIT1.

Server ACKs → CLOSE_WAIT (client moves to FIN_WAIT2).

Server sends FIN → LAST_ACK.

Client ACKs → TIME_WAIT, then closes; server moves to CLOSED.

The TIME_WAIT state lasts for 2 MSL (about 60 s on Linux) to ensure the final ACK can be retransmitted if lost.

Complete HTTP Request Process

Domain name resolution → TCP three‑way handshake → HTTP request over the established TCP connection → Server response with HTML → Browser parses HTML and requests embedded resources (JS, CSS, images) → Browser renders the page.

Long Connections (Keep‑Alive)

Both HTTP/1.0 and HTTP/1.1 support persistent connections; HTTP/1.0 requires the "Connection: keep-alive" header, while HTTP/1.1 enables it by default. The client sends a request with this header, the server echoes it, and the TCP connection remains open for subsequent requests.

How TCP Guarantees Reliable Transmission

Three‑way handshake.

Segmentation into appropriately sized data blocks.

Timeout and retransmission.

Acknowledgments for received data.

Checksum validation and discarding corrupted segments.

Reordering out‑of‑sequence packets.

Discarding duplicate data.

Flow control using receiver window.

Congestion control to reduce sending rate during network congestion.

Detailed Introduction to HTTP

HTTP (Hyper Text Transfer Protocol) transfers hypertext from web servers to browsers.

Characteristics

Simple and fast: request method and path are sent; common methods include GET, HEAD, POST.

Flexible: any data type can be transferred, indicated by Content‑Type.

Stateless: each request is independent.

Supports B/S and C/S models.

Request Message

Request line (method, resource, HTTP version).

Headers (e.g., Host, User‑Agent).

Blank line.

Optional body.

Response Message

Status line (HTTP version, status code, reason phrase).

Headers.

Blank line.

Body.

Status Codes

200 OK

301 Moved Permanently

302 Found

400 Bad Request

401 Unauthorized

403 Forbidden

404 Not Found

500 Internal Server Error

503 Service Unavailable

HTTP Methods

GET – retrieve a resource.

POST – submit data to a resource.

HEAD – retrieve headers only.

PATCH – partially modify a resource.

PUT – replace a resource.

DELETE – remove a resource.

Difference Between URI and URL

A URI (Uniform Resource Identifier) uniquely identifies a resource; it consists of a naming mechanism, host name, and resource path.

A URL (Uniform Resource Locator) is a specific type of URI that also provides the means to locate the resource, typically including protocol, host IP (or domain), and path.

Differences Between HTTPS and HTTP

HTTPS requires a certificate from a CA (usually paid).

HTTP transmits data in plain text; HTTPS adds SSL/TLS encryption.

Different default ports: 80 for HTTP, 443 for HTTPS.

HTTPS combines SSL/TLS with HTTP for secure, authenticated communication.

How HTTPS Ensures Secure Data Transmission

HTTPS inserts SSL/TLS between TCP and HTTP, using symmetric encryption, asymmetric encryption, and certificates to provide authentication, confidentiality, and integrity.

Authenticate client and server.

Encrypt data to prevent eavesdropping.

Maintain data integrity during transmission.