Why can't we have stateful protocols running the web?_问答_开发者

Why can't we have stateful protocols running the web?

开发者 https://www.devze.com 2023-02-14 06:30 出处：网络

I understand that sessions in HTTP is stateless and hence we have meth开发者_运维问答ods like cookies, URL rewriting etc. to maintain state.

相关专题：http session

I understand that sessions in HTTP is stateless and hence we have meth开发者_运维问答ods like cookies, URL rewriting etc. to maintain state.

My question is, since state is very important, why did the designers leave it out while designing the HTTP protocol? Are there any specific reasons for it?

Is it worth the effort to redesign the protocol to make it stateful ?

HTTP was the next step over the Gopher protocol. It was around in the 1990s, where Geocities was the place to be and CGI forms were the height of interactive sessions.

As it is, state is maintained at a level higher than HTTP, and that seems to function just fine (cookies, session Ids, etc). Why would you rewrite the protocol?

Stateless is cheaper. Good reading about:

http://www.tonymarston.net/php-mysql/stateless-protocol.html

I don't think anybody at the time HTTP was invented had any foresight that HTTP would be used the way it is now.

Main reason is scalability and high availability of web applications, why can't we have stateful protocols running the web. Stateless protocol eases the replication and scalability concerns, as the state itself doesn't need to be stored on the server. HTTP and HTTPS as stateless protocol of the web applications. Stateless HTTP request can be sent to any node, at any time, while with stateful this is not a case. The advantage of stateless HTTP protocol is that the number of active web clients can be by far greater while the requests are usually staggered instead of transmitted all at the same instant.

If there is connection lost, there is no state that is lost, simple request resend will resolve the problem, although it is security nightmare, since each request is treated as a new request and not as a follow-up to a previous request.

The stateless is really bad for web security. The flip side of HTTP is that the web server does not maintain any memory (state) of the activities of any web client. The lousy web security vulnerabilities have been present since its creation and have become increasingly dangerous with time. Douglas Crockford has fixed web security vulnerabilities with the Seif project.