The document discusses stateless and stateful protocols. It provides HTTP and FTP as examples. A stateless protocol like HTTP does not store transaction information between requests, simplifying server design but requiring additional information in each request. Stateful protocols like FTP can remember transaction details like the identity of a client downloading files. The document also discusses how HTTP uses cookies and sessions to simulate state on stateless connections, allowing servers to recognize returning clients through the data stored in cookies.

1. P R E S E N T E D B Y :
D U R L A B H G I R I P U N J E
A M I T K U M A R S I N G
S A M I T K U M A R K A P A T
A S H I F K H A N
Stateless Protocol
HTTP Request & Response Cycle
Cookie, Session

2. Stateless Protocol
• A protocol which is incapable of remembering the
results and data associated with the transactions it
governs.
• The best - known stateless protocol is the
HYPERTEXT TRANSFER PROTOCOL (HTTP).

3. Stateful Protocol
• A protocol which is able to remember and store
details of the transactions which it governs.
• A good example of such a protocol is the FILE
TRANSFER PROTOCOL (FTP) which, for example,
remembers the identity of the client that is using it to
DOWNLOAD files.

4. Stateless Protocol:
Advantage & Disadvantage
 Advantage:
The stateless design simplifies the server design
because there is no need to dynamically allocate
storage to deal with conversations in progress.
 Disadvantage:
A disadvantage is that it may be necessary to include
additional information in every request and this extra
information will need to be interpreted by the server.

5. Working of Stateless Protocol

7. The most interesting pieces of information contained in the
request are:
The IP address of you and/or your HTTP proxy
Which document you requested
Which version of which browser you're using
Which page you came from to get here (if you
followed a link)
Your preferred language(s)

9. COOKIE
What is Cookie?
 It is a piece of text stored by a user's web browser.
 Cookie Types
 By Lifespan
- Session Cookies
- Persistent Cookies

10. Setting a cookie
Host: www.example.org
browser → server
Content-type: text/html
Set-Cookie: name=value
(content of page)
browser ← server
Host: www.example.org
Cookie: name=value
Accept: */*
browser → server

11. Set a cookie
setcookie(name [,value [,expire [,path [,domain
[,secure]]]]])
name = cookie name
value = data to store (string)
expire = when the cookie expires. Default is that cookie
expires when browser is closed.
path = Path on the server
domain = Domain at which the cookie is available for.
secure = If cookie should be sent over HTTP connection
only. Default false.
Set-Cookie: name=newvalue; expires=date; path=/; domain=.example.org.
Set-Cookie: RMID=732423sdfs73242; expires=Fri, 31-Dec-2010 23:59:59
GMT; path=/; domain=.example.net

12. Advantage And Disadvantage of
Cookies
 Advantage
 Acts as your identification card
 It maintain the session between the client and
server
 Page will be displayed quickly
 Disadvantage
 Use as a spyware
 Storage

13. Some facts of Cookie…
Each cookie on the user’s computer is connected to a
particular domain.
Each cookie be used to store up to 4kB of data.
A maximum of 20 cookies can be stored on a user’s
PC per domain.
Browsers are preprogrammed to allow a total of 300
Cookies, after which automatic deletion based on expiry
date and usage

14. Session
In computer science, in particular networking, a session is a semi-
permanent interactive information interchange.
It is also known as:-
Dialogue
Conversation or meeting.
A session is between :-
Two or more communicating devices
A computer and user

15. A session may be implemented as part of protocols and services at the
Application layer
Ex-HTTP Sessions, TELNET remote login sessions
Session layer
A session initiation protocol based internet phone call
Transport layer
A TCP session which is synonyms of TCP connection or established
TCP sockets.

16. Types of session
Session implemented using software
TCP sessions are typically implemented in software using
multithreading.
A new process or thread is created when the computer establishes or
joins a Session.
The advantage with multiple processes or threads is relaxed
complexity of the software, since each thread is an instance with its
own history and encapsulated variables.
The disadvantage is large overhead in terms of system resources, and
that the session may be interrupted if the system is restarted.

17. Server side web
sessions
Server-side sessions are handy and efficient, but can become difficult to
handle in conjunction with load-balancing/high-availability systems and
are not usable at all in embedded systems with no storage.
The load-balancing problem can be solved by using shared storage.
A method of using server-side sessions in systems without mass-storage
is to reserve a portion of RAM for storage of session data.
This method is applicable for servers with a limited number of clients
(e.g. router or access point with infrequent or disallowed access to more
than one client at a time).

18. Client side web sessions
Client-side sessions use cookies and cryptographic techniques to maintain
state without storing as much data on the server.
When presenting a dynamic web page, the server sends the current state data
to the client (web browser) in the form of a cookie.
The client saves the cookie in memory or on disk.
With each successive request, the client sends the cookie back to the server,
and the server uses the data to "remember" the state of the application for that
specific client and generate an appropriate response.
To improve efficiency and allow for more session data, the server may
compress the data before creating the cookie, decompressing it later when the
cookie is returned by the client.

19. HTTP session
token
A session token is a unique identifier that is generated and sent from
a server to a client to identify the current interaction session.
The client usually stores and sends the token as an HTTP cookie and/or
sends it as a parameter in GET or POST queries.
The reason to use session tokens is that the client only has to handle the
identifier—all session data is stored on the server (usually in a database, to
which the client does not have direct access) linked to that identifier.

20. Thank You