Most of my interactions in the past with customers, web developers and some of my prior colleagues, I have found that a larger percentage of them don't have a good understanding of how HTTP protocol works. This could be due to various reasons; some of them could be like

• Coming from windows application development background.
• Not getting enough time to go through the details due to project deadlines.
• Too difficult to get the meat out of HTTP RFC document because it’s too much to read.

This results in lot of confusions and also leads to low performance application development. So I thought I would help the readers of putting those confusions to rest and explain all these in simple and effective way. So, in essence this article is no rocket science, but HTTP basics which most of those HTTP/IIS experts left out thinking that it would not be necessary to be explained (Or maybe its there but I missed noticing it).

Is HTTP a popular protocol, Oh really?

The popularity of HTTP protocol is simply because it's a simple protocol when you try to understand it from grass root level. Because of the simplicity (huh, I think due to recent developments people have made it a little complex) HTTP is used extensively not just for serving HTML pages but in order to empower several applications to make it work on the web.

How does a simple HTTP response look like?

How does HTTP works with authenticated request?

1. Browser send GET request to IIS (remember 1^st request is always anonymous)
2. IIS returns 401 and provides WWW-Authenticate Header with the supported authentication methods
3. According to authentication method Browser pop-up the dialog to enter credentials and then submits to IIS
4. Credentials gets validated and if valid, your GET request is served with HTTP Status 200 (200 = success)

Why do we need sessions in HTTP?

Since HTTP is a connection-less protocol we need to provide a way to continue request-response process without having to create a ‘fresh’ newer connection for every request.