
http

When preparing for a software engineering interview, understanding HTTP (Hypertext Transfer Protocol) is essential. Here are 15 key points that you should be familiar with:

  1. HTTP is Stateless: HTTP does not maintain state between requests. Each request is independent.

  2. HTTP Methods: Know the common HTTP methods like GET, POST, PUT, DELETE, PATCH, and their usage.

  3. Status Codes: Familiarize yourself with HTTP status codes categories (1xx, 2xx, 3xx, 4xx, 5xx) and common codes like 200 OK, 301 Moved Permanently, 404 Not Found, 500 Internal Server Error.

  4. Headers: Understand what HTTP headers are and common headers like Content-Type, Authorization, Accept, Cache-Control, etc.

  5. Persistent Connections: HTTP/1.1 supports persistent connections, allowing multiple requests and responses over a single connection to reduce latency.

  6. HTTPS: Know about HTTPS (HTTP over TLS/SSL), which encrypts the request and response, securing the data from man-in-the-middle attacks.

  7. Cookies: Cookies are used to maintain state and can be set via the Set-Cookie header from the server and sent back by the browser in the Cookie header.

  8. Sessions: While HTTP is stateless, sessions can be used to store data across multiple requests.

  9. Caching: Understand HTTP caching headers and their impact on content freshness and loading times.

  10. Content Negotiation: This is the process where the server selects the best representation of a resource based on the client’s preferences indicated in request headers like Accept, Accept-Language, Accept-Encoding.

  11. Idempotent Methods: Idempotent HTTP methods (like GET, PUT, DELETE) have the same effect no matter how many times the request is repeated.

  12. Safe Methods: HTTP methods like GET and HEAD are considered safe because they're intended only for retrieving data and should not change the server's state.

  13. HTTP/2: Be aware of HTTP/2 improvements over HTTP/1.1, like binary framing, multiplexing, server push, header compression, and more.

  14. Request/Response Model: Understand the request-response cycle in HTTP, including how a typical HTTP request and response look.

  15. RESTful APIs: Know the principles of RESTful API design, which is based on HTTP methods and stateless client-server communication.

These points cover the fundamentals of HTTP that could be brought up in an interview setting. Make sure you can also discuss each with a level of depth; for example, explain when to use a 302 Found status code versus a 307 Temporary Redirect, or the implications of the same-origin policy on HTTP requests.

1. HTTP is Stateless

HTTP being stateless means that each HTTP request is executed independently without any knowledge of the requests that came before it. This means that the server does not inherently remember anything about the user between different requests. However, web applications often need to maintain state through mechanisms such as cookies, server-side sessions, or tokens.

Example: When you log into a website, it usually sets a cookie in your browser. For subsequent requests, your browser sends this cookie back to the server, allowing the server to create a "session" for you.

2. HTTP Methods

HTTP defines a set of request methods to indicate the desired action to be performed for a given resource. Here's an overview:

  • GET: Requests data from a specified resource. GET requests should only retrieve data and should have no other effect on the data.

    Example: GET /users might retrieve a list of users.

  • POST: Submits data to be processed to a specified resource. POST requests can also be used to create new resources.

    Example: POST /users with a user's data in the request body could be used to create a new user.

  • PUT: Replaces all current representations of the target resource with the uploaded content.

    Example: PUT /users/123 with a user's data could update the details of user 123.

  • DELETE: Removes all current representations of the target resource given by a URI.

    Example: DELETE /users/123 would delete user 123.

  • PATCH: Applies partial modifications to a resource.

    Example: PATCH /users/123 with just the user's email in the request body could update just the email of user 123.

3. Status Codes

HTTP response status codes indicate whether a specific HTTP request has been successfully completed. Responses are grouped in five classes:

  • 1xx (Informational): The request was received, continuing process.

    Example: 100 Continue indicates that the server has received the request headers, and the client should proceed to send the request body.

  • 2xx (Successful): The request was successfully received, understood, and accepted.

    Example: 200 OK is the standard response for successful HTTP requests.

  • 3xx (Redirection): Further action needs to be taken in order to complete the request.

    Example: 301 Moved Permanently means that the resource has been permanently moved to a new URL, provided by the Location header.

  • 4xx (Client Error): The request contains bad syntax or cannot be fulfilled.

    Example: 404 Not Found means that the requested resource could not be found on the server.

  • 5xx (Server Error): The server failed to fulfill an apparently valid request.

    Example: 500 Internal Server Error indicates a generic server error when the server could not fulfill the request due to an unexpected condition.

4. Headers

HTTP headers allow the client and the server to pass additional information with the request or the response. Some common HTTP headers include:

  • Content-Type: Indicates the media type of the resource or the data being sent.

    Example: Content-Type: application/json tells the server that the body of the request is JSON.

  • Authorization: Contains the credentials to authenticate a user-agent with a server.

    Example: Authorization: Bearer YOUR_TOKEN_HERE provides an authentication token.

  • Accept: Informs the server about the types of media that the client can process.

    Example: Accept: application/json tells the server that the client expects JSON.

  • Cache-Control: Directives for caching mechanisms in both requests and responses.

    Example: Cache-Control: no-cache tells the cache that the response must be revalidated before being served.

These headers play a crucial role in the functionality of HTTP and the communication between client and server.

5. Persistent Connections

HTTP/1.1 introduced the concept of persistent connections, also known as keep-alive connections, which allow multiple requests and responses between a client and server to be sent over a single TCP connection without closing it after each transaction. This reduces the overhead of establishing a new connection for each request and can significantly improve the performance of web transactions.

Example: In HTTP/1.1, all connections are considered persistent unless declared otherwise. The Connection: keep-alive header is often included to explicitly indicate the desire for a persistent connection.

6. HTTPS

HTTPS stands for Hypertext Transfer Protocol Secure. It combines the HTTP protocol with TLS (Transport Layer Security) or SSL (Secure Sockets Layer) protocols to provide encrypted communication and secure identification of a network web server. HTTPS protects the integrity and confidentiality of data between the user's computer and the site.

Example: When you visit a website with HTTPS, the site is authenticated with a digital certificate, and all data transferred between your browser and the site is encrypted.

7. Cookies

Cookies are small pieces of data that a server sends to the user's web browser. The browser may store them and send them back with subsequent requests to the same server. Typically, cookies are used to tell whether two requests came from the same browser — keeping a user logged in, for instance.

Example: The Set-Cookie: sessionid=xyz123; Path=/; Expires=Wed, 09 Jun 2021 10:18:14 GMT header from a server response sets a cookie on the client's browser, which will be sent back to the server with every request to the domain.

8. Sessions

Sessions are server-side storage that web servers use to keep user-related data. Unlike cookie contents, session data is not sent with every browser request but is kept on the server. The server sends a session identifier to the client, and the client sends it back with each request.

Example: Session data can be stored in various ways on the server-side, like in a file, a database, or in-memory storage. The client typically retains a session ID (often in a cookie) that is used to fetch session data on subsequent requests.
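The cookie and session mechanics described in sections 7 and 8, as an added Python example (not code from the original page): it parses the Set-Cookie header shown above, reports which protective attributes a session cookie lacks, and keeps session data server-side so the cookie carries only an opaque identifier. The header value is a constructed sample; `SessionStore` is a hypothetical minimal in-memory store, not a real framework's API.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional
import secrets

# Constructed sample header, copied from the cookie example above (not a real server response).
SAMPLE_SET_COOKIE = "sessionid=xyz123; Path=/; Expires=Wed, 09 Jun 2021 10:18:14 GMT"

@dataclass
class Cookie:
    name: str
    value: str
    attrs: Dict[str, Optional[str]] = field(default_factory=dict)

def parse_set_cookie(header: str) -> Cookie:
    """Parse a Set-Cookie header value into name, value and attributes (attribute names lower-cased)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, Optional[str]] = {}
    for attr in parts[1:]:
        if not attr:
            continue
        k, sep, v = attr.partition("=")
        attrs[k.strip().lower()] = v.strip() if sep else None  # flag attributes carry no value
    return Cookie(name.strip(), value.strip(), attrs)

def missing_cookie_protections(cookie: Cookie) -> List[str]:
    """List the protective attributes a session cookie should carry but this one lacks."""
    missing = []
    if "secure" not in cookie.attrs:
        missing.append("Secure")    # only sent over HTTPS
    if "httponly" not in cookie.attrs:
        missing.append("HttpOnly")  # not readable by page scripts
    if "samesite" not in cookie.attrs:
        missing.append("SameSite")  # restricts sending on cross-site requests
    return missing

class SessionStore:
    """Hypothetical minimal in-memory server-side session store; the cookie carries only an opaque id."""
    def __init__(self) -> None:
        self._data: Dict[str, dict] = {}
    def create(self, user: str) -> str:
        sid = secrets.token_urlsafe(32)  # unguessable session identifier
        self._data[sid] = {"user": user}
        return sid
    def lookup(self, cookie_header: str) -> Optional[dict]:
        """Resolve the sessionid from a request's Cookie header ("a=1; b=2") to its stored data."""
        pairs = dict(p.strip().split("=", 1) for p in cookie_header.split(";") if "=" in p)
        return self._data.get(pairs.get("sessionid", ""))
```

The sample header from the text sets Path and Expires only, so the audit reports Secure, HttpOnly and SameSite as missing; a hardened header such as `sessionid=abc; Path=/; Secure; HttpOnly; SameSite=Lax` reports nothing.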

9. Caching

Caching is a mechanism to store copies of files or responses in a cache, or temporary storage location, so that future requests for that data can be served faster. HTTP defines several caching headers that control how, when, and for how long the response should be cached.

Example: The Cache-Control: max-age=3600 header tells the client that the response can be cached and is considered fresh for 3600 seconds (1 hour). After that, the cache must revalidate the content.
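The freshness rule described above, as an added Python example (not code from the original page): it parses a Cache-Control value into directives and decides whether a cache may serve a stored copy, must revalidate it, or must not store it at all. The `shared` flag and the handling of `private` and `s-maxage` go beyond the single max-age case in the text to show how a shared cache (such as a proxy) must treat the same header differently from a browser cache.

```python
from typing import Dict, Optional

def parse_cache_control(header: str) -> Dict[str, Optional[str]]:
    """Parse a Cache-Control value into {directive: argument-or-None}, directives lower-cased."""
    directives: Dict[str, Optional[str]] = {}
    for raw in header.split(","):
        raw = raw.strip()
        if not raw:
            continue
        name, sep, value = raw.partition("=")
        directives[name.strip().lower()] = value.strip().strip('"') if sep else None
    return directives

def cache_decision(header: str, age_seconds: int, shared: bool = False) -> str:
    """Decide what a cache may do with a response of the given age under this Cache-Control.
    Returns 'no-store' (must not keep a copy), 'revalidate' (may keep a copy but must check
    with the origin before serving it) or 'fresh' (may serve the copy directly).
    `shared` marks a shared cache such as a proxy, which must honour `private` and `s-maxage`."""
    d = parse_cache_control(header)
    if "no-store" in d or (shared and "private" in d):
        return "no-store"
    if "no-cache" in d:
        return "revalidate"   # a stored copy may never be served without revalidation
    max_age = d.get("max-age")
    if shared and "s-maxage" in d:
        max_age = d["s-maxage"]  # s-maxage overrides max-age for shared caches
    if max_age is None or not max_age.isdigit():
        return "revalidate"   # no explicit lifetime: this conservative cache treats it as stale
    if age_seconds < int(max_age):
        return "fresh"
    return "revalidate"       # past max-age, e.g. the 3600 seconds in the example above
```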

10. Content Negotiation

Content negotiation is the process where the server selects an appropriate response based on the client's request headers and server's capabilities. It allows a server to serve different versions of a resource (like different formats or languages) based on the client's preferences.

Example: If a client sends Accept: text/html, the server will send HTML content. If another client sends Accept: application/json, it will receive JSON-formatted content if the server supports both.

GET /resource HTTP/1.1
Host: example.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5

In this example, the client expresses a preference for HTML, XHTML, or XML, with HTML being the most preferred and a wildcard as the least preferred. The server will then determine the best content type to send based on this preference.
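The server-side selection described above, as an added Python example (not code from the original page): it parses the Accept header from the request shown, honouring q-values and the `type/*` and `*/*` wildcards, and picks the representation the client prefers from those the server offers, following the Accept matching rules of RFC 7231 (the most specific matching range supplies the q value; q=0 means "not acceptable"). The `offered` lists are constructed samples.

```python
from typing import List, Optional, Tuple

# Constructed sample, copied from the request shown above (not captured from a real client).
SAMPLE_ACCEPT = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"

def parse_accept(header: str) -> List[Tuple[str, float]]:
    """Return (media_range, q) pairs from an Accept header in header order; missing q means 1.0."""
    ranges = []
    for raw in header.split(","):
        parts = [p.strip() for p in raw.split(";")]
        media = parts[0].lower()
        q = 1.0
        for param in parts[1:]:
            k, _, v = param.partition("=")
            if k.strip().lower() == "q":
                try:
                    q = float(v)
                except ValueError:
                    q = 0.0  # malformed q: treat the range as unacceptable
        ranges.append((media, min(max(q, 0.0), 1.0)))
    return ranges

def _specificity(media_range: str) -> int:
    """*/* is least specific, type/* next, a full type/subtype most specific."""
    if media_range == "*/*":
        return 0
    return 1 if media_range.endswith("/*") else 2

def _matches(media_range: str, media_type: str) -> bool:
    if media_range == "*/*":
        return True
    if media_range.endswith("/*"):
        return media_type.split("/")[0] == media_range[:-2]
    return media_range == media_type

def negotiate(accept_header: str, offered: List[str]) -> Optional[str]:
    """Pick the offered representation the client prefers, or None if nothing is acceptable.
    Ties on q are broken by the server's own order in `offered`."""
    ranges = parse_accept(accept_header)
    best: Optional[str] = None
    best_q = 0.0
    for media_type in offered:
        candidates = [(_specificity(r), q) for r, q in ranges if _matches(r, media_type.lower())]
        if not candidates:
            continue
        q = max(candidates)[1]  # the most specific matching range decides the q value
        if q > best_q:
            best, best_q = media_type, q
    return best
```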