What are Websockets?
Ajax vs. Websockets
Diving into Websockets
Security
Sources
end
Websockets - Ajax Killer?
Sergej Schmidt
@UnFUG
December 28, 2012
Index
What are Websockets?
Definition
Why?
Usecase(s)
Ajax vs. Websockets
What's the Problem with Ajax?
Long Polling
Websockets killed the overhead
Benchmarks
Diving into Websockets
Protocol
Implementation
Security
Definition
API originally defined by HTML5
Since 12-2012 protocol in RFC 6455
Client side stuff by W3C
Full-duplex communication with a remote host
Through a single socket
Layer 3 Protocol
Why?
Ian Hickson:
"Reducing kilobytes of data to 2 bytes and reducing
latency from 150ms to 50ms is far more than marginal.
In fact, these two factors alone are enough to make Web
Sockets seriously interesting to Google."
Proxy
Solves proxy problems
Through HTTP CONNECT
Usecase(s)
Asynchronous Communication (Ajax style dynamic web pages)
HTTP Long Polling (discussed later)
Video-Streaming
What's the Problem with Ajax?
Ajax HTTP Request
GET /s?hl=de&gs_nf=3&cp=5&gs_id=9&xhr=t&q=unfug&...
Host: www.google.de
User-Agent: Mozilla/5.0 (X11; Linux x86_64; ...
Accept: text/html,application/xhtml+xml,...
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Proxy-Connection: keep-alive
Referer: http://www.google.de/
Cookie: PREF=ID=cba2542ea6d8bdec:U=ba82c7938d1a...
What's the Problem with Ajax?
> 200 bytes overhead per request
Higher Layer 4 => more traffic and higher latency
HTTP is stateless
=> no connection kept, same-size request/response every time
AGAIN: HTTP Long Polling scenario
Long Polling
Figure: Long Polling
Bandwidth
Websockets killed the overhead
2 bytes overhead
Layer 3 protocol
=> Connection through Handshake
Benchmarks
CometD benchmark
Comet - Ajax push technology for long polling
CometD is an HTTP-based event routing bus
Benchmark on Amazon EC2 in Sep 2011 by Greg Wilkins
Benchmarks
Figure: HTTP-benchmark
Benchmarks
Figure: websocket-benchmark
Establish Connection through HTTP
GET ws://echo.websocket.org/?encoding=text HTTP/1.1
Origin: http://websocket.org
Cookie: __utma=99as
Connection: Upgrade
Host: echo.websocket.org
Sec-WebSocket-Key: uRovscZjNol/umbTt5uKmw==
Upgrade: websocket
Sec-WebSocket-Version: 13
Establish Connection through HTTP
HTTP/1.1 101 WebSocket Protocol Handshake
Date: Fri, 10 Feb 2012 17:38:18 GMT
Connection: Upgrade
Upgrade: WebSocket
Access-Control-Allow-Origin: http://websocket.org
Access-Control-Allow-Credentials: true
Sec-WebSocket-Accept: rLHCkw/SKsO9GAH/ZSFhBATDKrU=
Access-Control-Allow-Headers: content-type
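How a server turns the request above into the 101 response, as an added example (not code from the slides or from websocket.org): it derives Sec-WebSocket-Accept from Sec-WebSocket-Key as RFC 6455 specifies and refuses handshakes with a wrong version, a malformed key, or an Origin outside an allowlist. The allowlist and the sample request are assumptions of this example; the key is the one from the RFC's own worked example so the result can be checked.

```python
import base64
import hashlib

# Fixed GUID from RFC 6455, section 4.2.2, appended to the client key before hashing.
WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"

def accept_key(client_key):
    """Derive Sec-WebSocket-Accept: base64(SHA-1(Sec-WebSocket-Key + GUID))."""
    digest = hashlib.sha1((client_key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")

def parse_request(raw):
    """Split an HTTP/1.1 request into its request line and a lower-cased header map."""
    lines = raw.strip().splitlines()
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def handshake_response(raw_request, allowed_origins):
    """Answer an opening handshake: 101 with the accept key, or a refusal.
    allowed_origins is this example's own (hypothetical) allowlist, not from the slides."""
    _, h = parse_request(raw_request)
    if h.get("upgrade", "").lower() != "websocket" or "upgrade" not in h.get("connection", "").lower():
        return "HTTP/1.1 400 Bad Request\r\n\r\n"
    if h.get("sec-websocket-version") != "13":
        return "HTTP/1.1 426 Upgrade Required\r\nSec-WebSocket-Version: 13\r\n\r\n"
    # The browser sets Origin and page scripts cannot forge it, so the server must check it
    # itself: the same-origin policy is not enforced for WebSocket connections.
    if h.get("origin") not in allowed_origins:
        return "HTTP/1.1 403 Forbidden\r\n\r\n"
    key = h.get("sec-websocket-key", "")
    try:
        if len(base64.b64decode(key, validate=True)) != 16:  # key is 16 random bytes, base64-encoded
            raise ValueError("bad key length")
    except ValueError:  # binascii.Error (invalid base64) is a ValueError subclass
        return "HTTP/1.1 400 Bad Request\r\n\r\n"
    return ("HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\nConnection: Upgrade\r\n"
            "Sec-WebSocket-Accept: " + accept_key(key) + "\r\n\r\n")

# Constructed sample request, modelled on the slide's capture but using the RFC 6455 example key.
SAMPLE_REQUEST = ("GET /?encoding=text HTTP/1.1\r\n"
                  "Host: echo.websocket.org\r\n"
                  "Origin: http://websocket.org\r\n"
                  "Connection: Upgrade\r\n"
                  "Upgrade: websocket\r\n"
                  "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
                  "Sec-WebSocket-Version: 13\r\n")
```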
Frame
Figure: WS Frame
WS Frame
OP-Code - 0x0 continuation frame, 0x1 for text, 0x2 for binary
(0x3-0x7 reserved, not defined yet)
Text must be UTF-8; binary is interpreted by the client
Text starts with 0x00 and ends with 0xFF, binary must have a length
WS Control Frames
OP-Code - 0x8 Close, 0x9 Ping, 0xA Pong
0xB - 0xF reserved, not defined yet
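The data and control frames from the two slides above, as an added example that is not part of the slides: a builder and parser for RFC 6455 frames that rejects reserved opcodes and fragmented or oversized control frames, and enforces the masking rule (client frames masked with a fresh random key, server frames unmasked) that the Security section names as the defence against cache poisoning. The opcode names are this example's own labels.

```python
import os
import struct

# Opcodes defined by RFC 6455; 0x3-0x7 and 0xB-0xF are reserved and rejected below.
OPCODES = {0x0: "continuation", 0x1: "text", 0x2: "binary",
           0x8: "close", 0x9: "ping", 0xA: "pong"}

def build_frame(opcode, payload, mask=True, fin=True):
    """Encode one frame. Clients must mask every frame, servers must not (RFC 6455, 5.3)."""
    if opcode >= 0x8 and (len(payload) > 125 or not fin):
        raise ValueError("control frames carry at most 125 bytes and are never fragmented")
    n, mask_bit = len(payload), 0x80 if mask else 0
    head = bytes([(0x80 if fin else 0) | opcode])
    if n <= 125:
        head += bytes([mask_bit | n])
    elif n < 0x10000:
        head += bytes([mask_bit | 126]) + struct.pack("!H", n)
    else:
        head += bytes([mask_bit | 127]) + struct.pack("!Q", n)
    if not mask:
        return head + payload
    key = os.urandom(4)  # fresh random key per frame, so the wire bytes never equal the sender's data
    return head + key + bytes(b ^ key[i % 4] for i, b in enumerate(payload))

def parse_frame(data, from_client=True):
    """Decode one frame into (fin, opcode name, payload), enforcing the masking rule."""
    b0, b1 = data[0], data[1]
    fin, opcode = bool(b0 & 0x80), b0 & 0x0F
    if b0 & 0x70:
        raise ValueError("RSV bits set without a negotiated extension")
    if opcode not in OPCODES:
        raise ValueError("reserved opcode 0x%x" % opcode)
    masked, n, pos = bool(b1 & 0x80), b1 & 0x7F, 2
    if n == 126:
        n, pos = struct.unpack("!H", data[2:4])[0], 4
    elif n == 127:
        n, pos = struct.unpack("!Q", data[2:10])[0], 10
    if masked != from_client:
        raise ValueError("client frames must be masked, server frames must not be")
    if masked:
        key, pos = data[pos:pos + 4], pos + 4
        payload = bytes(b ^ key[i % 4] for i, b in enumerate(data[pos:pos + n]))
    else:
        payload = bytes(data[pos:pos + n])
    if opcode == 0x1:
        payload.decode("utf-8")  # text payloads must be valid UTF-8; this raises otherwise
    return fin, OPCODES[opcode], payload
```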
Implementation
Demo of http://www.websocket.org/echo.html
Security
Encryption: tunneling through TLS, selected by the URI scheme
ws vs. wss
Same origin policy
Masking against cache poisoning
No Authentication (use Cookies :)
Sources
Java Magazine 5/2012
https://www.websocket.org/
further reading:
http://www.heise.de/developer/artikel/WebSocketAnnaeherung-an-Echtzeit-im-Web-1260189.html
end
if(!questions)
return \0