In which layer is HTTP in the OSI model?

Asked 26/7, 2016 at 17:36 Answered 5/8, 2021 at 18:39

http http2 osi

Some said HTTP is in the session layer in the OSI model.

But in Tanenbaum's Computer Network, HTTP is said to be in the application layer in the OSI model.

Also some said that HTTP has no concept of session. Does it mean that HTTP can't be in the session layer?

So is HTTP in the session layer? Thanks.

Update: For HTTP/2 what is the layer in OSI model?

Galer answered 26/7, 2016 at 17:36 Comment(2)

just because both specs use the word "session" doesn't mean session means the same thing in both. it's a synonym. – Changteh 26/7, 2016 at 17:39

HTTP is in the Application layer of the Internet protocol suite model and in the Session Layer of the OSI Model. The session layer of the OSI Model is responsible for creating and managing sessions and is the first layer that passes data. HTML is in the presentation layer. – Nakano 5/8, 2021 at 18:36

In which layer is HTTP in the OSI model?

It's in the application layer. See the following quotes from the RFC 7230, one of the documents that currently defines the HTTP/1.1 protocol:

The Hypertext Transfer Protocol (HTTP) is a stateless application-level request/response protocol that uses extensible semantics and self-descriptive message payloads for flexible interaction with network-based hypertext information systems.

HTTP is a stateless request/response protocol that operates by exchanging messages across a reliable transport- or session-layer "connection".

Also some said that HTTP has no concept of session. Does it mean that HTTP can't be in the session layer?

As previously mentioned in the quotes from the RFC 7230, the HTTP protocol is stateless, where each request from client to server (should) contain all of the information necessary to understand the request, without taking advantage of any stored context on the server.

The RFC 6265 defines some mechanisms for state management in HTTP, such as cookies, allowing session management on server side (but it doesn't make HTTP stateful in any ways).

The concept of session in HTTP is different from the concept of session in the OSI model. Anyways, HTTP is an application layer protocol.

The OSI model

The OSI (Open Systems Interconnection) model is a conceptual model created by the International Organization for Standardization which enables diverse communication systems to communicate using standard protocols.

It provides a standard for different computer systems to be able to communicate with each other and can be seen as a universal language for computer networking. It’s based on the concept of splitting up a communication system into seven abstract layers, each one stacked upon the last.

The following picture borrowed from Cloudflare illustrates pretty well what the OSI model is like:

The application layer is the only layer that directly interacts with data from the user. So software applications like web browsers and email clients rely on the application layer to initiate communications.

But it should be made clear that client software applications are not part of the application layer: rather the application layer is responsible for the protocols (such as HTTP and SMTP) and data manipulation that the software relies on to present meaningful data to the user.

The OSI model vs the TCP/IP model

While the OSI model is comprehensive reference framework for general networking systems, it's important to mention that the modern Internet doesn’t strictly follow the OSI model.

The modern Internet more closely follows the simpler Internet protocol suite, which is commonly known as TCP/IP because the foundational protocols in the suite are the TCP (Transmission Control Protocol) and the IP (Internet Protocol).

The following image illustrates how the OSI and TCP/IP models relate to each other:

^{Update: This section has been added to address the bounty started by noɥʇʎԀʎzɐɹƆ, who requested to update this answer with HTTP/2 details.}

Despite the quotes of the document that defines the HTTP/1.1 protocol, all of the above also applies to HTTP/2. Refer to the following quote from the RFC 7540, the document that defines the HTTP/2 protocol:

An HTTP/2 connection is an application-layer protocol running on top of a TCP connection. The client is the TCP connection initiator.

Ellieellinger answered 20/2, 2019 at 11:29 Comment(10)

I want to emphazize that the OSI model is a reference model. It's not a standard to base upon, especialy for layers 5 to 7. HTTP can also be considered as a presentation layer protocol. It does not do "Human-computer interaction" by itself, but the html agent uses HTTP to transfer the data. – Contrariwise 31/10, 2019 at 9:8

So, Would it be correct to consider that HTTP is responsible for both application and presentation layer? Encoding and encryption (https) are part of presentation layer, right? and those are configured as part of http/s protocol – Township 26/3, 2021 at 9:13

@MikelSanVicente Not really. The presentation layer does not exist in the TPP/IP model. – Ellieellinger 26/3, 2021 at 9:20

right, but what if we are talking about OSI model? conceptually would it be both? – Township 26/3, 2021 at 9:58

@MikelSanVicente In the OSI model, the presentation layer is for compression and encryption protocols. Some of the protocols that fit in this layer are SSL (Secure Sockets Layer) and TLS (Transport Layer Security). HTTP/HTTPS sit on the top of them, still on the presentation layer. – Ellieellinger 26/3, 2021 at 10:14

HTTP is in the Application layer of the Internet protocol suite model and in the Session Layer of the OSI Model. – Nakano 5/8, 2021 at 18:29

@NickAbbot What makes you think HTTP is in the session layer or the OSI Model? – Ellieellinger 5/8, 2021 at 18:51

@Ellieellinger The purpose of the Session Layer is to provide the means necessary for cooperating presentation-entities to organize and to synchronize their dialogue and to manage their data exchange. HTTP, FTP, Telnet, all in the Session layer of OSI Model. – Nakano 5/8, 2021 at 19:4

@Ellieellinger Further, the Presentation Layer provides for common representation of the data transferred between application entities. XML, HTML, JSON, REST, MD5,...all in the presentation layer of OSI Model. Any server expecting a date from any client will receive it correctly when in JSON format. – Nakano 5/8, 2021 at 19:23

Given http3 will be over udp, does this change things? – Saxophone 4/11, 2022 at 11:12

-2

The HyperText Transfer Protocol (HTTP), is the Web’s application-layer protocol, is at the heart of the Web. It is defined in [RFC 1945] and [RFC 2616].

Acetous answered 20/2, 2019 at 10:46 Comment(3)

Those were obsoleted nearly half a decade ago by RFC 7230 though 7235 – Bergquist 20/2, 2019 at 11:20

The Hypertext Transfer Protocol (HTTP) is a stateless application- level protocol <---- written in RFC 7230 – Acetous 20/2, 2019 at 11:23

That doesn't make your references any less obsolete. – Bergquist 20/2, 2019 at 11:24

-3

HTTP is in the Application layer of the Internet protocol suite model and in the Session Layer of the OSI Model. The Session layer of the OSI Model is responsible for creating and managing sessions and is the first layer that passes data.

HTTP can redirect sessions, reuse them and have persistent connections.

Nakano answered 5/8, 2021 at 18:39 Comment(2)

HTTP sessions are not the same as session layer of OSI – Saxophone 4/11, 2022 at 11:13

If you read the definition you'll find that they do the same thing. – Nakano 1/12, 2022 at 15:37

The OSI model

The OSI model vs the TCP/IP model

Recommended topics

Hot tags