Non C++ Stuff

This is stuff you will undoubtedly be expected to know something about these days

HTTP GET vs. POST

With the ubiquity of web interfaces these days, this is a good one to know.

GET

Simple GET to request a resource.

User types this into browser:

http://groups.google.com/group/austin.food?lnk=li

Browser sends

GET /group/austin.food?lnk=li HTTP/1.1 Host: groups.google.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; ...[snipped] Accept: text/xml,application/xml,application/xhtml+xml, ...[snipped] Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Cookie: PREF=ID=09b3ab9890a1bb75:TM=1118075078: ...[snipped]

Note there are no Content-Type or Content-Length headers, since there is no "cargo" being sent.

Server responds with

HTTP/1.x 200 OK Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, must-revalidate Set-Cookie: SID=DQAAAHQAAACxqjcHuLIt1eZjWk ...[snipped] Set-Cookie: PREF=ID=09b3ab9890a1bb75:TM=1118075078: ...[snipped] Content-Type: text/html; charset=UTF-8 Content-Encoding: gzip Server: GWS-GRFE/0.40 Content-Length: 10095 Date: Thu, 01 Dec 2005 16:44:31 GMT (html here)

Sending data to a web server using GET

This can be accomplished in the client in two ways. Both ways result in the same HTTP message being sent to the server.

Using a form, set the method to get: <form action="/" method="get">

GET /?nombre=aa&url=&mensaje=a&button=Ok HTTP/1.1 Host: www.whatever.com User-Agent: Mozilla/5.0 (Windows; U; ...[snipped] Accept: text/xml,application/xml ...[snipped] Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: http://www.whatever.com/

OR...

Appending the data to the URL: http://www.whatever.com/?nombre=x&url=&mensaje=x&button=Ok

GET /?nombre=x&url=&mensaje=x&button=Ok HTTP/1.1 Host: www.whatever.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; ...[snipped] Accept: text/xml,application/xml,application/xhtml+xml ...[snipped] Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive
On the client

You can see that the HTTP generated by the browser is identical either way. If user reloads the page, the request will occur again w/o the browser asking if the user wants to post data again. This is one reason it is recommended that a GET should never alter data on the server.

On the server

The cgi program receives the post data (x=y&a=b) in the environment variable QUERY_STRING. Also, length of data sent to server is limited.

POST

User fills in form online and submits

Browser sends

POST / HTTP/1.1 Host: www.whatever.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; ...[snipped] Accept: text/xml,application/xml,application/xhtml+xml,text/html; ...[snipped] Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: http://www.whatever.com/ Content-Type: application/x-www-form-urlencoded Content-Length: 33 nombre=x&url=&mensaje=x&button=Ok

Server responds with (this is a redirect I think)

HTTP/1.x 302 Found Date: Thu, 01 Dec 2005 16:57:25 GMT Server: Apache Location: http://www.whatever.com/ Content-Length: 212 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=iso-8859-1
On the server

The cgi program receives the post data ("nombre=x&url=&mensaje=x&button=Ok") as standard input. Also, length of data sent to server is unlimited.

So, to summarize the differences between sending data to a server using GET vs POST:

GET

  • Can send via form or via url
  • Server cgi process receives data in environment variable QUERY_STRING
  • Length of data that can be sent is limited
  • No Content-Length or Content-Type headers sent
  • HTTP: "GET / HTTP/1.1"
  • Reload of browser page by user results in sending data to server again
  • Can avoid the above by having the cgi issue a redirect after doing its processing

POST

  • Can only send via form (no way to "fake" a post using just a URL)
  • Server cgi process receives data via stdin
  • Length of data sent is unlimited
  • Content-Length & Content-Type headers sent
  • HTTP: "POST / HTTP/1.1"
  • Reload of browser page by user results in browser asking if user wants to resubmit post data
  • Can avoid the above by having the cgi issue a redirect after doing its processing