Web Fundamentals

How do we load websites?

Finding the Server

Initially, a DNS request is made. DNS is like a giant phone book that takes the domain name in a URL and turns it into an IP address. The IP address uniquely identifies each internet-connected device, like a web server or your computer. An IP address is formed of 4 groups of numbers, each 0-255 (x.x.x.x), and each group is called an octet.

Loading some content

Once the browser knows the server's IP address, it can ask the server for the web page. This is done with an HTTP GET request. GET is an example of an HTTP verb. The server will respond to the GET request with the web page content.

For most websites now, these requests will use HTTPS. HTTPS is a secure (encrypted) version of HTTP that works in more or less the same way. It normally uses TLS 1.3 encryption in order to communicate without:

  • Other parties being able to read the data

  • Other parties being able to modify the data

More HTTP - Verbs and request formats

Requests

There are 9 different "verbs", also known as methods. Each one has a different function. We've mentioned GET requests already; these are used to retrieve content. POST requests are used to send data to a web server, like adding a comment or performing a login.

Responses

A basic breakdown of the status codes is:

  • 100-199: Information

  • 200-299: Successes (200 OK is the "normal" response for a GET)

  • 300-399: Redirects (the information you want is elsewhere)

  • 400-499: Client errors (You did something wrong, like asking for something that doesn't exist)

  • 500-599: Server errors (The server tried, but something went wrong on their side)

Response headers can be very important. They can often tell you something about the web server sending them, or give you cookies that may prove useful later on.

Cookies, tasty!

Cookies are small bits of data that are stored in your browser. Each browser will store them separately, so cookies in Chrome won't be available in Firefox. Their main purposes are session management or advertising. Cookies are normally sent with every HTTP request made to the server.

Because HTTP is stateless (each request is independent and no state is tracked internally), cookies are used to keep track of state. They allow sites to keep track of data like what items you have in your shopping cart, who you are, what you've done on the website and more.

Cookies can be broken down into several parts. Cookies have a name, a value, an expiry date and a path. The name identifies the cookie, the value is where data is stored, the expiry date is when the browser will get rid of the cookie automatically and the path determines what requests the cookie will be sent with. Cookies are normally only sent with requests to the site that set them. The server is normally what sets cookies, and these come in the response headers ("Set-Cookie").

When you log in to a web application, normally you are given a Session Token. This allows the web server to distinguish your requests from someone else's. Stealing someone else's session token can often allow you to impersonate them.
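To tie the response and cookie sections together, here is an added example (not part of the original notes) that parses a raw HTTP response into its status class, headers and the cookie parts described above, then checks which request paths a cookie would be sent with. The sample response, the function names and the handling of valueless flags such as Secure and HttpOnly are assumptions made for illustration; a missing path is simplified to "/".

```python
from email.utils import parsedate_to_datetime

# Constructed sample response, not captured from a real server.
RAW_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: ExampleServer/1.0\r\n"
    "Set-Cookie: session=abc123; Expires=Wed, 21 Oct 2026 07:28:00 GMT; Path=/; Secure; HttpOnly\r\n"
    "Set-Cookie: theme=dark; Path=/account\r\n"
    "\r\n"
    "<html>hello</html>"
)
STATUS_CLASSES = {1: "Information", 2: "Success", 3: "Redirect",
                  4: "Client error", 5: "Server error"}

def parse_set_cookie(header_value):
    """Split one Set-Cookie value into name, value, expiry date, path and flags."""
    first, *attrs = [part.strip() for part in header_value.split(";")]
    name, _, value = first.partition("=")
    # Simplification (assumption): a cookie with no Path attribute is treated as "/".
    cookie = {"name": name, "value": value, "expires": None, "path": "/", "flags": set()}
    for attr in attrs:
        key, has_arg, arg = attr.partition("=")
        if key.lower() == "expires":
            cookie["expires"] = parsedate_to_datetime(arg)
        elif key.lower() == "path":
            cookie["path"] = arg
        elif key and not has_arg:
            cookie["flags"].add(key.lower())  # valueless attributes such as Secure, HttpOnly
    return cookie

def parse_response(raw):
    """Return the status code, its class, the headers and any cookies being set."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, *header_lines = head.split("\r\n")
    code = int(status_line.split(" ", 2)[1])
    # Split each header at the first colon only, so values containing ':' survive.
    headers = [tuple(s.strip() for s in line.partition(":")[::2]) for line in header_lines]
    cookies = [parse_set_cookie(v) for k, v in headers if k.lower() == "set-cookie"]
    return {"code": code, "class": STATUS_CLASSES.get(code // 100, "Unknown"),
            "headers": headers, "cookies": cookies, "body": body}

def sent_with(cookie, request_path):
    """Path check: the cookie goes only to requests at or below its path."""
    path = cookie["path"]
    if request_path == path or path.endswith("/"):
        return request_path.startswith(path)
    return request_path.startswith(path + "/")
```

Only the Expires attribute is handled for expiry here; a session cookie whose flags lack `httponly` or `secure` is the kind of detail worth noting when reading response headers.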
