Questions
3–5 questions in university semester papers
Difficulty
Easy
Importance
Fundamental for web development and networking modules
Overview
The HTTP and Client-Server model forms the foundational protocol of the World Wide Web, defining how resources are requested and served across a network. Mastering this topic is essential for understanding web architecture, API communications, and state management, which are frequent subjects in university computer science theory exams.
Client-Server Architecture
This architecture defines a distributed application structure that partitions tasks between service providers (servers) and service requesters (clients). In a web context, the browser acts as the client sending HTTP requests, while the web server processes these requests and returns HTTP responses.
- Client initiates the connection
- Server listens for incoming requests
- Stateless communication nature
- Separation of concerns between UI and backend logic
HTTP Methods & Status Codes
HTTP methods define the action to be performed on a resource, while status codes inform the client about the success or failure of that request. These are categorized into standard response ranges which are critical for debugging and protocol compliance in web development.
- GET: Retrieve data
- POST: Submit new data
- PUT/PATCH: Update existing data
- DELETE: Remove data
- 2xx Success, 4xx Client Error, 5xx Server Error
Cookies & Sessions
Since HTTP is inherently stateless, cookies and sessions are used to maintain user state and identity across multiple request-response cycles. Cookies are stored on the client side, whereas session data is typically maintained on the server side mapped by a session ID.
- Cookies persist via Set-Cookie headers
- Sessions provide server-side state security
- Session hijacking is a major security risk
- Cookies can be marked as HttpOnly to prevent XSS
Exam Tip
Always mention that HTTP is stateless when asked about why cookies/sessions are necessary, as this is the primary conceptual bridge Examiners look for.
Common Mistakes
- Confusing the purpose of GET (safe/idempotent) with POST (non-idempotent) methods.
- Assuming cookies are synonymous with sessions without distinguishing client-side vs server-side storage.
- Misremembering status codes like 401 (Unauthorized) versus 403 (Forbidden).
More Revision Notes
Ready to test yourself?
Play topic-wise HTTP & Client-Server Model questions in Aspirant Arcade — gamified MCQ practice.
Download Free