How does HTTP become stateless?

networking web tcp

HTTP is said to be stateless. Meaning, it doesn’t need to store information for the transmission of data.

But HTTP uses TCP, which is state oriented.

If that's the case, how does HTTP becomes stateless?


HTTP does not care about—and is independent of—any of the lower-level protocols used to transport itself, even though it is itself stateless.

The transport technology can be TCP, or Novell’s old SPX, or SCTP, or whatever else you can dream up, and HTTP will still work the same. HTTP does require a streaming or connection-oriented protocol—and depends on URLs being resolvable—but doesn’t care how that is accomplished.

This is one of the reasons why the layered model or network stack exists: The application layer does not need to concern itself with lower layers.

Just because a lower-level protocol is stateful doesn’t mean anything on top of it automatically becomes stateful or is required to be stateful.

HTTP itself is stateless. So that means applications have to implement another layer on top of HTTP to establish state. This is typically done with session cookies.


"HTTP is stateless" means that each HTTP transaction (request-response pair) can be processed independently of any state from previous request-response pair.

To transport the particular request-response pair you need a protocol that is able to carry arbitrarily large block there and arbitrarily large block back, and to do that over a layer with limited packet size, TCP has to be stateful.

But across transaction boundary, there is no state. The client can drop the connection and establish a new one for the next request. In fact that was the only option in the early versions and it still works like that if the client does not include the Connection: keep-alive header.

The next request can also easily be handled by different server and the client will never know, because the server does not need to maintain any state (unless the application adds its own state on top of HTTP, usually in form of session; the consequent complications in load-balancing is its punishment for building stateful protocol on HTTP). That is taken advantage of in load-balancing busy servers.


The "stateless" nature of HTTP means that on this layer, no state information is created or used.

You can see this in a few instances, for example in HTTP authentication, the credentials are sent with every request, and persistent connections are really just an optimization (i.e. if I send credentials, the server forgets these after the request, even if it leaves the connection open).

In contrast, cookie based login mechanisms are stateful, but not part of HTTP.

Related

Where does Mac OS X store file association information?
What program can I use to bulk download this list of links? [closed]
Temporarily change directory for single batch-file command
What does it mean for software to run natively?
Change current directory using NERDTree
Pulseaudio: how to rescan audio devices?
How to freeze the list of processes in htop?
How can I resolve gstreamer dependencies in Ubuntu
How to make Notepad++ use proxy with username and password?
How to add new PHP version to WAMP
Disable firefox fullscreen warning with html5 stuff?
How to remove "Creative Cloud Files" from File Explorer address bar