HTTP (Hypertext Transfer Protocol)

HTTP (Hypertext Transfer Protocol) is a protocol used for transmitting data over the internet. It is the foundation of the World Wide Web and enables the communication between web browsers and servers. 

When a user requests a web page using a browser:

  1. The browser sends an HTTP request to the server where the web page is hosted. 
  2. The server then responds with the requested web page and any associated resources, such as images, in the form of an HTTP response. 

This exchange of requests and responses is the foundation of how the web works and is at the centre of web development.

The two properties of the HTTP protocol listed below drive the development of other tools and techniques, such as caching mechanisms, security protocols, and content delivery networks, which help optimize the performance and functionality of HTTP-based systems.

  1. Stateless
  2. Text-based


Stateless

Being "stateless" means that HTTP itself keeps no information about the client or about earlier requests and responses. Each request and response is independent, and the server does not retain any knowledge of the client's state between requests.

Authentication is a process of identifying the user, which is typically done by requesting a username and password. Because HTTP is stateless, the server cannot rely on the client's state to keep track of whether a user is logged in or not. To maintain the state, several methods have been developed, such as:

  • Cookies: Cookies are small text files that are stored on the client's computer by the server. They can be used to store information, such as a user's login state so that the server can remember the user between requests.
  • Tokens: Tokens are random strings that are generated by the server and sent to the client, usually in the form of an HTTP header. Tokens can be used to authenticate the client on subsequent requests by sending the token back to the server.
  • Session: Sessions are a way of storing the state on the server side, where a unique session ID is created for each user when they log in. The session ID is sent to the client, the client sends it back with each request, and the server uses it to identify the client and retrieve the associated session data.

All these methods help maintain the state of the authentication process and allow the server to identify the user between requests even though the HTTP protocol is stateless.
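The sketch below shows how a server-side session and a cookie work together to carry login state across independent requests. It is an added example, not code from the original article; the cookie name sid, the 30-minute timeout and the in-memory SESSIONS store are assumptions made for illustration.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 1800   # assumed idle timeout in seconds
SESSIONS = {}        # server-side state: session ID -> {"user", "expires"}


def login(user, now=None):
    """Create a session and return the value for a Set-Cookie response header."""
    now = time.time() if now is None else now
    sid = secrets.token_urlsafe(32)      # 32 random bytes, not guessable
    SESSIONS[sid] = {"user": user, "expires": now + SESSION_TTL}
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["path"] = "/"
    cookie["sid"]["httponly"] = True     # hidden from page scripts
    cookie["sid"]["secure"] = True       # only sent over HTTPS
    cookie["sid"]["samesite"] = "Lax"    # withheld on most cross-site requests
    return cookie["sid"].OutputString()


def session_id(cookie_header):
    """Extract the sid value from a request's Cookie header, or None."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    return jar["sid"].value if "sid" in jar else None


def current_user(cookie_header, now=None):
    """Identify the user behind a later request; None if unknown or expired."""
    now = time.time() if now is None else now
    sid = session_id(cookie_header)
    session = SESSIONS.get(sid)
    if session is None:
        return None
    if session["expires"] <= now:
        SESSIONS.pop(sid, None)          # expired state is discarded
        return None
    return session["user"]


def logout(cookie_header):
    """Destroy the server-side state so the old ID stops working."""
    SESSIONS.pop(session_id(cookie_header), None)
```

The cookie carries only the random ID; everything the server knows about the user stays in SESSIONS, so a forged or expired ID maps to nothing.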


Text-based

HTTP is a text-based protocol, which means that the requests and responses are sent in the form of plain text. The text format is human-readable and easy to understand, but it also means that the information can be read by anyone who intercepts the request or response.
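To make the exposure concrete, the added example below (not part of the original article) parses a constructed plain-HTTP login request and reports which sensitive items are readable as-is. The host name, credentials and the lists of sensitive header and field names are assumptions chosen for the sample.

```python
import base64
from urllib.parse import parse_qs

# Constructed sample: a login request as it would travel over plain http://
RAW_REQUEST = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"Authorization: Basic YWxpY2U6aHVudGVyMg==\r\n"
    b"Cookie: sid=3f9a1c\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 27\r\n"
    b"\r\n"
    b"user=alice&password=hunter2"
)
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie"}
SENSITIVE_FIELDS = {"password", "passwd", "token", "secret"}


def parse_request(raw):
    """Split a raw HTTP/1.1 request into method, target, headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body


def cleartext_exposure(raw):
    """List sensitive items visible to anyone who can read the raw bytes."""
    _method, _target, headers, body = parse_request(raw)
    findings = [f"header:{name}" for name in SENSITIVE_HEADERS & headers.keys()]
    auth = headers.get("authorization", "")
    if auth.lower().startswith("basic "):
        # Basic credentials are base64-encoded, which is not encryption
        decoded = base64.b64decode(auth[6:]).decode("utf-8", "replace")
        findings.append("basic-auth-user:" + decoded.split(":", 1)[0])
    ctype = headers.get("content-type", "")
    if ctype.startswith("application/x-www-form-urlencoded"):
        for field in parse_qs(body.decode("utf-8", "replace")):
            if field.lower() in SENSITIVE_FIELDS:
                findings.append(f"form-field:{field}")
    return sorted(findings)
```

The report names what is exposed rather than echoing the secret values, which is how such a check would normally be logged.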

To handle security, several methods have been developed, such as:

  • HTTPS: HTTP Secure (HTTPS) is an extension of HTTP that uses Transport Layer Security (TLS) or Secure Sockets Layer (SSL) to encrypt the data being sent over the network. This ensures that the information cannot be read by anyone who intercepts the request or response.
  • Authentication and Authorization: Authentication is the process of identifying the user, typically done by requesting a username and password. Authorization is the process of determining what actions a user is allowed to perform. Both authentication and authorization can be used to restrict access to sensitive information.
  • Input validation: Input validation is the process of checking that the data received from the client is in the expected format. This can help to prevent malicious data from being processed by the server.
  • Using tokens or session IDs: Using tokens or session IDs, as mentioned above, can also add an extra layer of security, as they can be used to identify the client and retrieve the associated session data.

These methods help protect the data being sent and received over the network and prevent unauthorized access to sensitive information.

It's important to note that even HTTPS does not guarantee total security. It is an encryption layer on top of the HTTP protocol and can still be vulnerable to attacks such as man-in-the-middle (MITM) attacks, which is why it's recommended to use it in conjunction with other security measures.


HTTP Response Codes

HTTP Response Codes are fundamental artefacts in client-server communication under the HTTP protocol. They provide a standardized way for the server to communicate the status of a request to the client and are grouped into five classes based on the first digit of the code. These classes provide a general indication of the status of the request, including whether it was successful, if further action is required, or if there was an error. The HTTP response codes are crucial for ensuring the reliability and functionality of HTTP-based systems, as they allow the client to make informed decisions about how to proceed based on the status of the request. Understanding the different classes of HTTP response codes and their meanings is essential for developing and maintaining successful HTTP-based systems.

HTTP Response Codes are grouped into five classes:

  1. 1xx Informational: These codes indicate that the request has been received and is being processed.
  2. 2xx Success: These codes indicate that the request was successful and that the server has returned the requested information.
  3. 3xx Redirection: These codes indicate that further action is required from the client in order to complete the request.
  4. 4xx Client Error: These codes indicate that there was an error with the client's request, such as a malformed request or missing credentials.
  5. 5xx Server Error: These codes indicate that there was an error with the server while processing the request, and the client should try again later.


HTTP/2

HTTP/1.1 is the most widely used version of the HTTP protocol and includes features such as persistent connections, caching, and support for multiple request methods (e.g. GET, POST, etc.).

HTTP/2 is an improvement over HTTP/1.1. It was designed to address some of the shortcomings of the earlier version, such as high latency and head-of-line blocking. It introduces new features like:

  • Binary framing: instead of sending text-based requests, it sends requests as binary frames, which is more efficient.
  • Multiplexing: allows multiple requests to be sent over a single connection at the same time, which eliminates head-of-line blocking and reduces latency.
  • Server Push: this allows the server to proactively send resources to the client without the client having to request them.
  • Header compression: compresses the headers to reduce the size of the data that needs to be sent over the network.

HTTP/2 introduced several new features and improvements that have made some tools and techniques of web development obsolete or less necessary. Some examples include:

  • Image sprites: Image sprites are a technique used to combine multiple images into a single file to reduce the number of HTTP requests required to load a web page. With HTTP/2's support for multiplexing, the need for image sprites has been reduced, as it is now possible to load multiple resources simultaneously over a single connection.
  • Domain sharding: Domain sharding is a technique used to spread resources across multiple domains in order to work around the limitations of the maximum number of connections that can be opened to a single domain. With HTTP/2's support for multiplexing, the need for domain sharding has been reduced, as it is now possible to load multiple resources simultaneously over a single connection.
  • Inlining resources: Inlining resources is a technique used to include small resources, such as CSS and JavaScript, directly in the HTML code to reduce the number of HTTP requests required to load a web page. With HTTP/2's support for server push, the need for inlining resources has been reduced, as the server can now proactively send resources to the client without the client having to request them.
  • Concatenation: Concatenation is a technique used to combine multiple CSS and JavaScript files into a single file to reduce the number of HTTP requests required to load a web page. With HTTP/2's support for multiplexing, the need for concatenation has been reduced, as it is now possible to load multiple resources simultaneously over a single connection.

It's important to note that these techniques are not completely useless, but with the advent of HTTP/2, they're not as critical as they used to be.
