How Web Sockets work | Deep Dive

00:00

hey everyone welcome back previously I

00:01

have explained the basics of websockets

00:03

and how they enable realtime two-way

00:05

communication between browsers and

00:06

servers but many of you wanted more so

00:09

today we'll dive deeper and explore

00:11

Advanced websocket functionalities and

00:13

how to build powerful real-time

00:15

applications with them we'll first

00:17

revisit the websocket handshake which is

00:19

a crucial step where the client and

00:21

server negotiate the upgrade from HTTP

00:23

to a websocket connection we'll then

00:25

break down the handshake process in

00:26

detail exploring the headers exchanged

00:28

and the steps involved on both sides so

00:31

let's dive in and get

00:33

[Music]

00:35

started previously in my web socket

00:38

introduction video we learned that HTTP

00:39

uses distinct connection for separate

00:41

request it increases the load on the

00:43

server as the server has to create a new

00:45

handshake for every request once the

00:47

request is completed connection is

00:49

closed on the other hand websocket

00:52

connection is persistent as long as it

00:54

is not interrupted by either of the

00:56

parties the websocket protocol is an

00:58

independent TCP based protocol call its

01:00

only relationship to http is that its

01:03

handshake is interpreted by HTTP servers

01:05

as an upgrade request the websocket

01:08

handshake process is a crucial step that

01:10

establishes a real-time Communication

01:12

channel between a client which is

01:13

browser and a server it leverages the

01:16

familiar HTTP protocol for initial

01:18

connection but then negotiates an

01:20

upgrade to the websocket protocol here

01:23

is a detail breakdown of the client and

01:25

server steps involved the client opens a

01:28

regular HTTP connection to the servers

01:29

specifying a desired websocket endpoint

01:31

in the URL usually prefixed with WS or

01:35

WSS for a secure connections it sends an

01:38

HTTP get request with a specific headers

01:40

to indicate the intention to upgrade to

01:43

websocket now the client set headers

01:45

looks like this wherein the upgrade

01:47

websocket headers tells the server that

01:49

the client wants to upgrade the

01:51

connection to websocket the connection

01:53

upgrade header informs the server that

01:55

the client desires an upgrade from the

01:57

current connection protocol the SEC

02:00

websocket key is the header that

02:02

contains a randomly generated b64

02:04

encoding string unique to this handshake

02:07

it will be used by the server to verify

02:08

the handshake later and then there are

02:11

some additional headers depending on the

02:12

server implementation and desired

02:14

features the additional headers like SE

02:17

websocket version specifying the

02:19

websocket protocol version or SE

02:21

websocket protocol requesting a specific

02:23

sub protocol which might be included and

02:25

then the client waits for the service

02:27

response to the HTTP upgrade request on

02:30

the other end when the server receives

02:32

HTTP get request from the client it

02:34

checks the request headers to ensure

02:36

that they are valid for a websocket

02:37

handshake and sends an HTTP response

02:40

with a status code of 101 switching

02:42

protocols to indicate successful upgrade

02:45

to websocket the handshake from server

02:47

looks like

02:49

this let's go through these steps in

02:52

detail the server first verifies the

02:54

presence of upgrade websocket and

02:57

connection upgrade headers now the

02:59

primary goal of the server processing

03:01

and generating the SE websocket accept

03:03

header is to prove to the client that

03:04

the server recognized it as a valid

03:07

websocket hand check initiation and is

03:09

willing to proceed and the server can

03:11

confirm that the hand check request

03:13

originated from a genuine web client and

03:15

not a malicious actor attempting to

03:17

impersonate a websocket connection the

03:19

server receives the base 64 encoded

03:20

string from the SE websocket key header

03:23

the server then generates a new string

03:25

by concatenating the received SE

03:26

websocket key with a predefined u ID for

03:29

example this and then applying a

03:31

cryptographic hash function such as sha1

03:34

and this new string is then Bas 64

03:37

encoded the server sends an HTTP

03:39

response with a status code of 101

03:41

switching protocols to indicate

03:43

successful upgrade to websocket the

03:45

response includes the following

03:47

headers an upgrade web socket header

03:49

echoing back the upgrade request from

03:51

the client connection upgrade confirming

03:53

the upgrade from HTTP to websocket and

03:56

SE websocket accept this is the base 64

03:59

for encoded string generated previously

04:02

and this verifies that the client

04:03

initiated the hand check once the client

04:06

receiv receives the service response

04:08

with the correct SEC websocket accept

04:09

header it validates the response

04:12

confirming a successful hand check both

04:14

client and server can now start

04:16

exchanging data using the websocket

04:17

protocol over the established TCP

04:19

connection the HTTP connection is

04:22

essentially replaced by the websocket

04:24

connection now if the SE websocket

04:27

accept value does not match the expected

04:29

value or if the header field is missing

04:31

or if the HTTP status code is not 101

04:34

the connection will not be established

04:36

and websocket Frames will not be sent if

04:39

any code other than 101 is returned from

04:41

the server clients have to end the

04:43

connection the web socket handic ensures

04:46

a secure and authenticated Connection by

04:48

including a random key SEC websocket key

04:51

generated by the client and verified by

04:53

the server through SE websocket accept

04:55

header this handshake process paves the

04:58

way for realtime two we communication

05:00

between the client and server without

05:02

the need for a constant HTTP request and

05:05

responses websocket has a default Ur

05:07

format such as below like I said before

05:10

it can be either WS or WSS just like

05:13

HTTP protocol the port component is

05:16

optional as default Port 0 is used for

05:18

ws and 443 is used for

05:21

WSS WSS is used as a secure URI as a

05:26

secure flag is set and TLS handshake is

05:28

done between server and L for secure

05:32

Communication in websocket protocol data

05:34

is transmitted using sequence of frames

05:37

frames in web soet are the basic units

05:39

of the data that are exchanged between

05:40

the client and server and each frame has

05:42

a specific structure fin or F indicates

05:46

whether the frame is in the final

05:47

fragment or larger message a value of

05:50

one means it's the final fragment and

05:52

while zero means there are more

05:54

fragments to come more on fragments

05:57

later RSV 1 rsv2 RSV three these three

06:00

beds are the reserve bits they are

06:02

typically set to zero and they are

06:04

currently reserved for future use case

06:06

or potential extensions to the websocket

06:08

protocol the op code Fields defines the

06:11

type of data the frame carries it could

06:13

be a textual data in utf8 encoded format

06:16

or a binary data or a ping frame for

06:19

keep alive

06:20

events The Mask pit indicates if the

06:23

payo data is masked masking is always

06:26

applied to frames sent from client to

06:27

server we'll take a closer look at

06:29

masking shortly the payload length

06:32

defines the length of the payload data

06:34

and the length field itself can vary

06:36

from 0 to 125 depending on the size of

06:38

the payload the masking key is used to

06:41

obscure payload data and the payload

06:44

data which is a variable length has the

06:46

actual content of the messages such as

06:48

text or binary data now coming back to

06:51

masking masking main goal in websocket

06:54

is to ensure smooth transition of

06:56

real-time data through various Network

06:57

infrastructure that wasn't necessarily

06:59

designed with websockets in mind before

07:02

websockets were standardized some

07:04

Network infrastructure component

07:06

particularly those designed purely for

07:08

HTTP traffic try to be smart when it

07:11

came to caching these caching proxies

07:13

sometimes stored responses from a server

07:15

expecting that they can later reuse the

07:17

same response for similar HTTP request

07:20

however websocket connections don't

07:22

follow the traditional HTTP request

07:24

response pattern unmasked websocket data

07:26

could be wrongly interpreted as HTTP

07:28

content and can can be stored

07:30

potentially leading to issues later when

07:32

a real HTTP request is made masking

07:35

obscures the data within websocket

07:37

frames in a way that makes it

07:38

unpredictable and very unlikely to

07:40

resemble valid HTTP request or responses

07:43

this discourages proxies and other

07:45

intermediaries from attempting to Cache

07:47

or modify the data as it clearly doesn't

07:50

fit the HTTP model masking basically

07:53

makes web soer traffic look distinctly

07:55

different from HTTP discouraging

07:57

incorrect interpretation or manipulation

07:59

fragmentation on the other hands in

08:01

websockets refers to the process of

08:02

splitting a large message into smaller

08:04

chunks for transmission over the network

08:07

this technique is particularly useful

08:09

for handling a very large messages that

08:11

might overwhelm the connection or exceed

08:13

buffer limitations on either the client

08:15

or server it is to prevent buffer

08:17

overflow imagine a user uploading a

08:19

large file through a websocket

08:21

connection and without fragmentation the

08:23

entire file would be sent as a single

08:25

message this could potentially overflow

08:27

buffers on the client or server leading

08:29

to connection errors or performance

08:31

issues fragmentation allows for gradual

08:34

delivery of large messages the receiver

08:36

can start processing the initial

08:37

fragments while the remaining fragments

08:39

are still being transmitted this can be

08:42

beneficial for applications where

08:44

immediate display of partial data is

08:45

valuable such as receiving updates

08:47

during a long running process now when a

08:50

message is split up into fragments each

08:52

fragment is sent with a fin bit set to

08:54

zero for all but the final frame in the

08:56

sequence the F bit indicates whether the

08:59

current frame is the final frame in the

09:01

message or whether more frames will

09:03

follow if the fin bit is set to zero it

09:05

means that there are more frames coming

09:07

and the receiver should continue to wait

09:09

for additional frames before processing

09:10

the message and when the final fragment

09:13

of the message is sent it is sent with

09:15

the fin bit set to one this signals to

09:17

the receiver that this is the last frame

09:19

in the message now websockets are a

09:21

versatile communication technology and

09:23

find applications in various domains for

09:25

example in chat applications for sending

09:27

and receiving messages quickly and

09:29

effici ly which I have in fact

09:31

previously covered in my WhatsApp system

09:32

design video it can also enable

09:34

real-time Communication in web

09:36

application such as changes and updates

09:39

on the web pages in gaming industry it

09:41

can facilitate seamless multiplayer

09:43

gaming experiences or imagine a realtime

09:45

drawing app where multiple users can

09:47

collaborate on a canvas or maybe in

09:49

stock exchanges for real-time updates on

09:52

stock ticker prices these advanced

09:53

websocket concepts might seem complex

09:56

but the possibility is they unlock are

09:57

worth the effort remember breaking

09:59

things down experimenting and

10:01

understanding the why behind each

10:02

feature will lead to True Mastery so if

10:05

you have any questions or cool project

10:06

ideas drop them in the comments and

10:08

let's keep the ban Community growing

10:13

[Music]