Sunday, August 2, 2020

Modern HTTP is stateful. Old timey HTTP was stateless.


Imagine the year 1988

In 1988 HTTP and I were both stateless.  I hadn't been born and Sir Timothy John Berners-Lee, while working at CERN, envisioned the World Wide Web with HTTP as a stateless protocol.  On March 12, 1989, he submitted a proposal to his boss. 


Once released the WWW conquered the globe but there were difficult aspects for businesses.  Tim succeeded in making HTTP stateless but his design shoved responsibility downstream to individual developers.  


How could someone log on a website or add an item to a shopping cart without state?  The simple stateless HTTP resulted in complex web applications littered with stateful links.  


What was a "stateful url"? For a contrived example, after logging into a shopping site all URLs on a website had to change from:


http://www.example.com/shopping&product=12345


to


http://www.example.com/shopping&product=12345?user=4T85KGJHXHT3M3R6LQKQT2


where "user" is a website wide token the web application used for state.  Every link on a page needed to repeat this stateful token or risk the user needing to log in again.  And mind you, login was sent over in unencrypted plain text because state is also required for encryption.  Businesses had limited options to secure their websites.

HTTP's statelessness was the wrong level of abstraction.  The obvious solution was to increase the scope of the original stateless HTTP standard to include state, but who would hear Silicon Valley's demands for stateful HTTP?   


Now teleport to the cypherpunk utopia of 1994

Once again HTTP and I had something in common.  I had state and HTTP did too because Netscape invented cookies.  


HTTP cookies are one of many stateful mechanisms for HTTP.  


Famously in an article in 1996 the Financial Times raised privacy concerns, but cookies were an instant hit and in 1997 cookies were absorbed into the official HTTP standard under the aptly named RFC 2109 "HTTP State Management Mechanism".  


The stateful fun didn't stop there!  Many new stateful goodies were added to HTTP:


  • HTTPS, also invented in 1994 by Netscape, is stateful.  The "S" part, SSL/TLS, needs state.  This was officially integrated into the HTTP standard by RFC 2818 in 2000.

  • HTTP authentication is stateful and was defined in 1997 by RFC 2068 Section 11, and later in 2014 by it's own RFC 7235.  As a foreshadowing sidenote, this token is the origin of HTTP 2's upgrade token.

  • HTTP caching is stateful and was defined in 1997 by RFC 2068 Section 13 and later in its own RFC 7234 in 2014.

  • HTML itself also added state with stateful mechanisms like Web Storage defined and used by the industry by 2011.

Now fondly remember the world of 2015

Specifically, May 14, 2015 when HTTP 2 was released in RFC 7540. The stateful fun was in full swing!  Many new stateful components were built on top of HTTP 1.1's existing stateful components.


No longer did HTTP ceremoniously call itself "stateless" in honor of Sir Tim's original vision, although inaccurate for nearly two decades.  A Control-F returns 125 hits for "state" and zero for "stateless" in the HTTP/2 RFC. HTTP/2 finally banished the stateless masquerading and embraced the long established reality of the web's statefulness. 


These parts of HTTP/2 are stateful additions to the HTTP corpus:



The stateful present

Is HTTP stateless? HTTP can be stateless if you:

  • Don't use stateful url's or other pre-cookie stateful gimmicks.

  • Don't use cookies.

  • Don't use HTTPS.

  • Don't use HTTP authentication.

  • Don't use HTTP caching.

  • Don't use web storage.

  • Don't use HTTP 2's:

    • Stream identifiers.

    • Header blocks.

    • Frames.

    • Header compression.

    • Opportunistic encryption.


...But then what's the point in calling HTTP "stateless"?  It's reasonable for a system of HTTP's maturity to be stateful.  


Is it possible to develop a stateless HTTP web application?  Of course!  Your web application can ignore the many stateful components of HTTP and operate statelessly, but your one stateless application would not reflect the pervasive stateful web apps on the web at large.  Wikipedia, Facebook, Google, Reddit, Hacker News, Spotify, Netflix, and more all use HTTP statefully.  It is difficult to mention websites that even work without state.  


Without careful consideration your new "stateless" http application may still allow browsers and HTTP servers to use HTTP statefully.  But why trouble with such mental gymnastics?  It's far harder to use HTTP statelessly than just to accept the efficiency benefits of state.  


Our once simple HTTP has grown up from it's humble stateless roots to a full fledged stateful system with many useful stateful components.  The next time a 1988 nostalgic web developer says "http is stateless" while in the same breath mentioning cookies, chortle knowingly with the stateful HTTP truth.


HTTP is stateful.  Almost all of the web is stateful and that's to be expected with it's complexity and maturity.  
Posted by at
Labels: ,

39 comments:

  1. AnonymousAugust 2, 2020 at 9:08 PM

    Ok and soo very very good

    ReplyDelete
  2. dfsklmhfdkjsfhsjkdDecember 24, 2022 at 3:34 AM

    Thank you for sharing this informative blog.

    Visit Now for eyebrow threading las vegas near me

    ReplyDelete
  3. ICONIERDecember 30, 2022 at 3:40 AM

    Amazing sir Thanks for Sharing.

    Visit Now for logo design las vegas

    ReplyDelete
  4. Ken ShermDecember 28, 2024 at 7:32 AM

    Believe it or not, this topic is referenced from one of your blogs on the official CompTIA Network+ (N10-008) study guide. 👏🏽

    ReplyDelete
  5. matty boyOctober 13, 2025 at 9:01 AM

    Matty Boy has this unshakable optimism, like every setback is just part of a bigger plan. Some call it naïve; others call it genius.

    ReplyDelete
  6. kroenOctober 13, 2025 at 9:11 AM

    Built for creators, movers, and thinkers, Kroen designs merge utility with sleek aesthetics. You don’t follow trends — you define them.

    ReplyDelete
  7. hmddOctober 13, 2025 at 9:21 AM

    HMDD is continuously updated to include new findings as miRNA research expands. This makes it a living resource reflecting the latest discoveries.

    ReplyDelete
  8. davril supply code promoOctober 13, 2025 at 9:54 PM

    Davril est une marque réputée pour ses produits de qualité, alliant modernité et praticité. Pour permettre à ses clients de profiter de réductions attractives, Davril propose régulièrement des codes promo. Ces codes offrent une opportunité idéale pour économiser sur vos achats tout en découvrant les nouveautés de la marque.

    ReplyDelete
  9. akimboOctober 13, 2025 at 10:09 PM

    The term akimbo generally refers to a posture in which a person stands with hands on their hips and elbows turned outward.

    ReplyDelete
  10. sevenheavensOctober 13, 2025 at 10:17 PM

    In Jewish mysticism, particularly within the Talmud and Kabbalistic texts, the Seven Heavens are depicted as distinct celestial realms.

    ReplyDelete
  11. lattafa perfumesOctober 13, 2025 at 10:28 PM

    Lattafa Perfumes is a prominent fragrance brand based in the United Arab Emirates, recognized for offering high-quality perfumes at affordable prices. Founded with a vision to bring luxury scents to a broader audience, Lattafa has grown rapidly in popularity across the Middle East and internationally. Their products cater to a wide range of tastes, combining traditional Arabian perfumery with contemporary trends.

    ReplyDelete
  12. pink chrome heart hoodieOctober 13, 2025 at 10:40 PM

    Design is at the heart of every Chrome Hearts hoodie. The brand is known for its distinctive gothic-inspired motifs, including crosses, fleur-de-lis patterns, and dagger symbols.

    ReplyDelete
  13. essentials hoodie canadaOctober 13, 2025 at 10:57 PM

    retailers like SSENSE and Genuine Design offer these hoodies, often accompanied by free shipping and returns within the country

    ReplyDelete
  14. pokemon center onlineOctober 13, 2025 at 11:12 PM

    Pokémon Center Online is the official online retail store for all things Pokémon. Launched to complement the physical Pokémon Center stores,

    ReplyDelete
  15. mr winston discount codeOctober 13, 2025 at 11:45 PM

    Mr. Winston is a renowned men's grooming brand that offers a wide range of high-quality products designed to help men look and feel their best.

    ReplyDelete
  16. essentials hoodie brownOctober 13, 2025 at 11:54 PM

    The Essentials Brown Hoodie has become a staple in contemporary streetwear, representing a blend of comfort, style, and minimalism.

    ReplyDelete
  17. denim tears hoodieOctober 14, 2025 at 12:11 AM

    The Black Denim Tears hoodie is more than just a piece of clothing; it’s a cultural statement. Designed under the Black Denim Tears brand, the hoodie merges streetwear aesthetics with profound symbolism, appealing to individuals who value fashion that tells a story. Its unique designs often draw inspiration from African American history and identity, making each piece feel like a wearable artwork rather than a mere garment.

    ReplyDelete
  18. stone island spodnieOctober 14, 2025 at 2:34 AM

    Choć marka jest najbardziej znana z kurtek i innowacyjnych materiałów, spodnie stanowią integralną część jej kolekcji, łącząc techniczny charakter z modowym podejściem. W modelach spodni Stone Island często spotykamy zaawansowane tkaniny i eksperymentalne wykończenia, co odpowiada filozofii marki o łączeniu funkcji i stylu.

    ReplyDelete
  19. black sp5der tracksuitOctober 14, 2025 at 2:44 AM

    The black Sp5der tracksuit has become one of the most recognizable pieces in contemporary streetwear. Originating from the Sp5der brand, which blends luxury aesthetics with urban edge, this outfit captures the perfect balance between comfort and statement fashion. The sleek all-black design serves as a neutral foundation that can be worn casually or styled for a more fashion-forward look.

    ReplyDelete
  20. comme des garconsOctober 14, 2025 at 3:00 AM

    The international breakthrough came in 1981, when Comme des Garçons presented its first Paris runway show.

    ReplyDelete
  21. takashi murakami shopOctober 14, 2025 at 4:43 AM

    Murakami's foray into clothing is often driven by collaborations with major fashion houses and streetwear brands. His most famous partnership is arguably with Louis Vuitton

    ReplyDelete
  22. trapstarOctober 14, 2025 at 4:53 AM

    Trapstar's logo design is simple but iconic. That bold text on the classic tees and hoodies stands out without trying too hard. It’s instantly recognizable

    ReplyDelete
  23. kanye west merchandiseOctober 14, 2025 at 9:00 AM

    One thing that’s frustrating is how fast everything sells out. I tried grabbing something from the Donda release and it was gone in minutes.

    ReplyDelete
  24. god speed hoodieOctober 14, 2025 at 9:09 AM

    The detail in the God Speed Hoodie is what sets it apart. From the stitching to the printed graphics, everything feels premium.

    ReplyDelete
  25. Kapital ClothingOctober 14, 2025 at 9:22 AM

    I’ve noticed more people discovering Kapital lately, and I’m both excited and nervous. Part of me loves how underground it felt, but they deserve the recognition

    ReplyDelete
  26. lover boy hatOctober 14, 2025 at 10:25 AM

    I’ve noticed this hat trending a lot lately, and I can see why! It brings that effortlessly cool vibe without trying too hard. Also, it’s great how it works for all genders and ages, making it a truly inclusive fashion piece.

    ReplyDelete
  27. trapstar hoodieOctober 14, 2025 at 10:39 AM

    For anyone on the fence about getting a Trapstar hoodie — do it. The fit is unmatched. I was surprised by how well it sits on the shoulders and the length is just right.

    ReplyDelete
  28. civil regimeOctober 14, 2025 at 10:57 AM

    Civil Regime isn’t just a clothing brand — it’s a lifestyle. It represents confidence, independence, and creativity. Whether it’s the bold hoodies, graphic tees, or statement jackets, everything

    ReplyDelete
  29. fake godsOctober 15, 2025 at 9:38 PM

    Throughout history, humanity has shown a deep desire to seek meaning, purpose, and power beyond the physical world. This longing has led to the worship of various gods and deities, both true and false. While faith can be a powerful force for good, there has also been the dangerous rise of fake gods — false idols, deceptive powers, or man-made constructs that demand loyalty and devotion but offer no real truth or salvation.

    ReplyDelete
  30. lattafa perfumyOctober 15, 2025 at 9:53 PM

    Lattafa has quickly risen to become synonymous with luxury, elegance, and affordability. Based in the United Arab Emirates, Lattafa Perfumes has carved a niche for itself by offering high-quality, long-lasting fragrances that rival some of the most expensive designer brands

    ReplyDelete
  31. g59 records merchOctober 15, 2025 at 10:17 PM

    G59 Records emerged from the underground scene, built on a foundation of anti-mainstream sentiments, mental health struggles, and raw emotion. $uicideboy$, the flagship artists of the label, drew in millions of listeners through their unfiltered lyrics and hard-hitting beats. Naturally, this raw authenticity spilled over into their merchandise.

    ReplyDelete
  32. takashi murakami clothesOctober 15, 2025 at 10:31 PM

    Takashi Murakami, the acclaimed Japanese contemporary artist, has captivated the world not only with his vibrant, anime-inspired artworks but also with his foray into fashion. Known for blending traditional Japanese art techniques with bold pop culture imagery, Murakami has become a major force in the fashion world, pushing the boundaries of wearable art.

    ReplyDelete
  33. sp5der storeOctober 15, 2025 at 11:48 PM

    The Sp5der Store is now a go-to destination for fans of bold fashion statements, mixing high-end streetwear aesthetics with underground influence.

    ReplyDelete
  34. eme studios ukOctober 16, 2025 at 12:16 AM

    Eme Studios is its ambition to make fashion participatory: each release is often framed as a “drop” or capsule collection, with narratives that invite the wearer to interpret meaning.

    ReplyDelete
  35. that's a awful lot of cough syrupOctober 16, 2025 at 12:30 AM

    Codeine-based syrups, often mixed with soda in a recreational cocktail known as “lean” or “purple drank,” are even more dangerous. Because codeine is an opioid, repeated use can lead to dependence, addiction, and potentially fatal respiratory depression. What begins as "an awful lot of cough syrup" can quickly spiral into a life-threatening habit.

    ReplyDelete
  36. chrome heart crossOctober 16, 2025 at 12:44 AM

    . Among the most iconic and sought-after designs in the Chrome Hearts collection is the Chrome Hearts Cross—a motif that has become synonymous with the brand’s gothic and rock 'n' roll aesthetic.

    ReplyDelete
  37. cortiezOctober 16, 2025 at 1:32 AM

    In the modern streetwear scene, few brands have generated as much mystique and buzz as Corteiz (often stylized as CRTZ or misspelled as “Cortiez”). What began as a small, underground label has grown into a cultural phenomenon

    ReplyDelete
  38. cortiezOctober 16, 2025 at 1:48 AM

    In the rapidly evolving world of fashion, few brands have created as much buzz and loyal following in such a short span as Corteiz (often stylized as “Crtz”). Emerging from the streets of London, this underground label has grown into a cultural force, thanks to its authenticity, exclusivity, and a strong connection with youth culture.

    ReplyDelete
  39. kanye west pulloverOctober 16, 2025 at 2:57 AM

    Kanye West, a name synonymous with innovation and controversy in both music and fashion, has consistently pushed the boundaries of style. Among his many iconic fashion pieces, the Kanye West pullover has emerged as a quiet yet powerful symbol of modern streetwear.

    ReplyDelete

Subscribe to: Post Comments (Atom)