HTTP Request Types
HTTP defines several request types (also known as request methods), each of which specifies how a client sends a request to a server. The two most common are get and post. These request types retrieve and send client form data from and to a Web server. A form is an XHTML element that may contain text fields, radio buttons, check boxes and other graphical user interface components that allow users to enter and submit data into a Web page. Forms can also contain hidden fields, which are not exposed as GUI components. Hidden fields are used to pass additional data not specified by the user to the form handler on the Web server. You will see examples of hidden fields later in the chapter.
A get request gets (or retrieves) information from a server. Such requests often retrieve an HTML document or an image. A post request posts (or sends) data to a server, such as authentication information or data from a form that gathers user input. Usually, post requests are used to post a message to a news group or a discussion forum, pass user input to a data-handling process and store or update the data on a server. A get request sends form data as part of the URL (e.g., www.searchsomething.com/search?query=userquery). In this fictitious request, the information following the ? (query=userquery) indicates user-specified input. For example, if the user performs a search on "Massachusetts," the last part of the URL would be ?query=Massachusetts. A get request limits the query string (e.g., query=Massachusetts) to a predefined number of characters that varies from server to server. If the query string exceeds this limit, a post request must be used.
Software Engineering Observation 19.1
|
The data sent in a post request is not part of the URL and cannot be seen by users. Forms that contain many fields often are submitted to Web servers via post requests. Sensitive form fields, such as passwords, should be sent using this request type. |
Figure 19.1 lists request types other than get and post. These methods are not frequently used.
|
Request type |
Description |
|---|---|
|
delete |
Such a request is normally used to delete a file from a server. This may not be available on some servers because of its inherent security risks (e.g., the client could delete a file that is critical to the execution of the server or an application). |
|
head |
Such a request is normally used when the client wants only the response's headers, such as its content type and content length. |
|
options |
Such a request returns information to the client indicating the HTTP options supported by the server, such as the HTTP version (1.0 or 1.1) and the request methods the server supports. |
|
put |
Such a request is normally used to store a file on the server. This may not be available on some servers because of its inherent security risks (e.g., the client could place an executable application on the server, which, if executed, could damage the serverperhaps by deleting critical files or occupying resources). |
|
TRace |
Such a request is normally used for debugging. The implementation of this method automatically returns an XHTML document to the client containing the request header information (data sent by the browser as part of the request). |
An HTTP request often sends data to a server-side form handlera program that resides on the Web server and is created by a server-side programmer to handle client requests. For example, when a user participates in a Web-based survey, the Web server receives the information specified in the form as part of the request, and the form handler processes the survey. We demonstrate how to create server-side form handlers throughout the examples in this chapter.
Browsers often cache (i.e., save on a local disk) Web pages for quick reloading, to reduce the amount of data that the browser needs to download over the Internet. Web browsers often cache the server's responses to get requests. A static Web page, such as a course syllabus, is cached in the event that the user requests the same resource again. However, browsers typically do not cache the responses to post requests, because subsequent post requests might not contain the same information. For example, in an online survey, many users could visit the same Web page and respond to a question. The page could also display the survey results. Each new response changes the overall results of the survey, so any requests to view the survey results should be sent using the post method. Similarly, the post method should be used to request a Web page containing discussion forum posts, as these posts may change frequently. Otherwise, the browser may cache the results after the user's first visit and display these same results for each subsequent visit.