in literal terms, handshaking can be defined as gripping and shaking of right hands by two individuals, as to symbolize greeting, congratulations, agreement or farewell. in computer science, handshaking is a process that ensures the server is in sync with its clients. handshaking is the basic concept of web socket protocol.
the following diagram shows the server handshake with various clients −

web sockets – definition
web sockets are defined as a two-way communication between the servers and the clients, which mean both the parties communicate and exchange data at the same time.
the key points of web sockets are true concurrency and optimization of performance, resulting in more responsive and rich web applications.
description of web socket protocol
this protocol defines a full duplex communication from the ground up. web sockets take a step forward in bringing desktop rich functionalities to the web browsers. it represents an evolution, which was awaited for a long time in client/server web technology.
the main features of web sockets are as follows −
web socket protocol is being standardized, which means real time communication between web servers and clients is possible with the help of this protocol.
web sockets are transforming to cross platform standard for real time communication between a client and the server.
this standard enables new kind of the applications. businesses for real time web application can speed up with the help of this technology.
the biggest advantage of web socket is it provides a two-way communication (full duplex) over a single tcp connection.
url
http has its own set of schemas such as http and https. web socket protocol also has similar schema defined in its url pattern.
the following image shows the web socket url in tokens.

browser support
the latest specification of web socket protocol is defined as rfc 6455 – a proposed standard.
rfc 6455 is supported by various browsers like internet explorer, mozilla firefox, google chrome, safari, and opera.
before diving to the need of web sockets, it is necessary to have a look at the existing techniques, which are used for duplex communication between the server and the client. they are as follows −
- polling
- long polling
- streaming
- postback and ajax
- html5
polling
polling can be defined as a method, which performs periodic requests regardless of the data that exists in the transmission. the periodic requests are sent in a synchronous way. the client makes a periodic request in a specified time interval to the server. the response of the server includes available data or some warning message in it.
long polling
long polling, as the name suggests, includes similar technique like polling. the client and the server keep the connection active until some data is fetched or timeout occurs. if the connection is lost due to some reasons, the client can start over and perform sequential request.
long polling is nothing but performance improvement over polling process, but constant requests may slow down the process.
streaming
it is considered as the best option for real-time data transmission. the server keeps the connection open and active with the client until and unless the required data is being fetched. in this case, the connection is said to be open indefinitely. streaming includes http headers which increases the file size, increasing delay. this can be considered as a major drawback.
ajax
ajax is based on javascript's xmlhttprequest object. it is an abbreviated form of asynchronous javascript and xml. xmlhttprequest object allows execution of the javascript without reloading the complete web page. ajax sends and receives only a portion of the web page.
the code snippet of ajax call with xmlhttprequest object is as follows −
var xhttp; if (window.xmlhttprequest) { xhttp = new xmlhttprequest(); } else { // code for ie6, ie5 xhttp = new activexobject("microsoft.xmlhttp"); }
the major drawbacks of ajax in comparison with web sockets are −
- they send http headers, which makes total size larger.
- the communication is half-duplex.
- the web server consumes more resources.
html5
html5 is a robust framework for developing and designing web applications. the main pillars include mark-up, css3 and javascript apis together.
the following diagram shows html5 components −

the code snippet given below describes the declaration of html5 and its doctype.
<!doctype html>
why do we need web sockets?
internet was conceived to be a collection of hypertext mark-up language (html) pages linking one another to form a conceptual web of information. during the course of time, static resources increased in number and richer items, such as images and began to be a part of the web fabric.
server technologies advanced which allowed dynamic server pages - pages whose content was generated based on a query.
soon, the requirement to have more dynamic web pages lead to the availability of dynamic hypertext mark-up language (dhtml). all thanks to javascript. over the following years, we saw cross frame communication in an attempt to avoid page reloads followed by http polling within frames.
however, none of these solutions offered a truly standardized cross browser solution to real-time bi-directional communication between a server and a client.
this gave rise to the need of web sockets protocol. it gave rise to full-duplex communication bringing desktop-rich functionality to all web browsers.
web socket represents a major upgrade in the history of web communications. before its existence, all communication between the web clients and the servers relied only on http.
web socket helps in dynamic flow of the connections that are persistent full duplex. full duplex refers to the communication from both the ends with considerable fast speed.
it is termed as a game changer because of its efficiency of overcoming all the drawbacks of existing protocols.
web socket for developers and architects
importance of web socket for developers and architects −
web socket is an independent tcp-based protocol, but it is designed to support any other protocol that would traditionally run only on top of a pure tcp connection.
web socket is a transport layer on top of which any other protocol can run. the web socket api supports the ability to define sub-protocols: protocol libraries that can interpret specific protocols.
examples of such protocols include xmpp, stomp, and amqp. the developers no longer have to think in terms of the http request-response paradigm.
the only requirement on the browser-side is to run a javascript library that can interpret the web socket handshake, establish and maintain a web socket connection.
on the server side, the industry standard is to use existing protocol libraries that run on top of tcp and leverage a web socket gateway.
the following diagram describes the functionalities of web sockets −

web socket connections are initiated via http; http servers typically interpret web socket handshakes as an upgrade request.
web sockets can both be a complementary add-on to an existing http environment and can provide the required infrastructure to add web functionality. it relies on more advanced, full duplex protocols that allow data to flow in both directions between client and server.
functions of web sockets
web sockets provide a connection between the web server and a client such that both the parties can start sending the data.
the steps for establishing the connection of web socket are as follows −
the client establishes a connection through a process known as web socket handshake.
the process begins with the client sending a regular http request to the server.
an upgrade header is requested. in this request, it informs the server that request is for web socket connection.
web socket urls use the ws scheme. they are also used for secure web socket connections, which are the equivalent to https.
a simple example of initial request headers is as follows −
get ws://websocket.example.com/ http/1.1 origin: http://example.com connection: upgrade host: websocket.example.com upgrade: websocket
web sockets occupy a key role not only in the web but also in the mobile industry. the importance of web sockets is given below.
web sockets as the name indicates, are related to the web. web consists of a bunch of techniques for some browsers; it is a broad communication platform for vast number of devices, including desktop computers, laptops, tablets and smart phones.
html5 app that utilizes web sockets will work on any html5 enabled web browser.
web socket is supported in the mainstream operating systems. all key players in the mobile industry provide web socket apis in own native apps.
web sockets are said to be a full duplex communication. the approach of web sockets works well for certain categories of web application such as chat room, where the updates from client as well as server are shared simultaneously.

web sockets, a part of the html5 specification, allow full duplex communication between web pages and a remote host. the protocol is designed to achieve the following benefits, which can be considered as the key points −
reduce unnecessary network traffic and latency using full duplex through a single connection (instead of two).
streaming through proxies and firewalls, with the support of upstream and downstream communication simultaneously.
it is necessary to initialize the connection to the server from client for communication between them. for initializing the connection, creation of javascript object with the url with the remote or local server is required.
var socket = new websocket(“ ws://echo.websocket.org ”);
the url mentioned above is a public address that can be used for testing and experiments. the websocket.org server is always up and when it receives the message and sends it back to the client.
this is the most important step to ensure that application works correctly.
web sockets – events
there are four main web socket api events −
- open
- message
- close
- error
each of the events are handled by implementing the functions like onopen, onmessage, onclose and onerror functions respectively. it can also be implemented with the help of addeventlistener method.
the brief overview of the events and functions are described as follows −
open
once the connection has been established between the client and the server, the open event is fired from web socket instance. it is called as the initial handshake between client and server. the event, which is raised once the connection is established, is called onopen.
message
message event happens usually when the server sends some data. messages sent by the server to the client can include plain text messages, binary data or images. whenever the data is sent, the onmessage function is fired.
close
close event marks the end of the communication between server and the client. closing the connection is possible with the help of onclose event. after marking the end of communication with the help of onclose event, no messages can be further transferred between the server and the client. closing the event can happen due to poor connectivity as well.
error
error marks for some mistake, which happens during the communication. it is marked with the help of onerror event. onerror is always followed by termination of connection. the detailed description of each and every event is discussed in further chapters.
web sockets – actions
events are usually triggered when something happens. on the other hand, actions are taken when a user wants something to happen. actions are made by explicit calls using functions by users.
the web socket protocol supports two main actions, namely −
- send( )
- close( )
send ( )
this action is usually preferred for some communication with the server, which includes sending messages, which includes text files, binary data or images.
a chat message, which is sent with the help of send() action, is as follows −
// get text view and button for submitting the message var textsend = document.getelementbyid(“text-view”); var submitmsg = document.getelementbyid(“tsend-button”); //handling the click event submitmsg.onclick = function ( ) { // send the data socket.send( textsend.value); }
note − sending the messages is only possible if the connection is open.
close ( )
this method stands for goodbye handshake. it terminates the connection completely and no data can be transferred until the connection is re-established.
var textsend = document.getelementbyid(“text-view”); var buttonstop = document.getelementbyid(“stop-button”); //handling the click event buttonstop.onclick = function ( ) { // close the connection if open if (socket.readystate === websocket.open){ socket.close( ); } }
it is also possible to close the connection deliberately with the help of following code snippet −
socket.close(1000,”deliberate connection”);
once a connection has been established between the client and the server, the open event is fired from web socket instance. it is called as the initial handshake between client and server.
the event, which is raised once the connection is established, is called the onopen. creating web socket connections is really simple. all you have to do is call the websocket constructor and pass in the url of your server.
the following code is used to create a web socket connection −
// create a new websocket. var socket = new websocket('ws://echo.websocket.org');
once the connection has been established, the open event will be fired on your web socket instance.
onopen refers to the initial handshake between client and the server which has lead to the first deal and the web application is ready to transmit the data.
the following code snippet describes opening the connection of web socket protocol −
socket.onopen = function(event) { console.log(“connection established”); // display user friendly messages for the successful establishment of connection var.label = document.getelementbyid(“status”); label.innerhtml = ”connection established”; }
it is a good practice to provide appropriate feedback to the users waiting for the web socket connection to be established. however, it is always noted that web socket connections are comparatively fast.
the demo of the web socket connection established is documented in the given url − https://www.websocket.org/echo.html
a snapshot of the connection establishment and response to the user is shown below −

establishing an open state allows full duplex communication and transfer of messages until the connection is terminated.
example
building up the client-html5 file.
<!doctype html> <html> <meta charset = "utf-8" /> <title>websocket test</title> <script language = "javascript" type = "text/javascript"> var wsuri = "ws://echo.websocket.org/"; var output; function init() { output = document.getelementbyid("output"); testwebsocket(); } function testwebsocket() { websocket = new websocket(wsuri); websocket.onopen = function(evt) { onopen(evt) }; } function onopen(evt) { writetoscreen("connected"); } window.addeventlistener("load", init, false); </script> <h2>websocket test</h2> <div id = "output"></div> </html>
the output will be as follows −

the above html5 and javascript file shows the implementation of two events of web socket, namely −
onload which helps in creation of javascript object and initialization of connection.
onopen establishes connection with the server and also sends the status.
once a connection has been established between the client and the server, an open event is fired from the web socket instance. error are generated for mistakes, which take place during the communication. it is marked with the help of onerror event. onerror is always followed by termination of connection.
the onerror event is fired when something wrong occurs between the communications. the event onerror is followed by a connection termination, which is a close event.
a good practice is to always inform the user about the unexpected error and try to reconnect them.
socket.onclose = function(event) { console.log("error occurred."); // inform the user about the error. var label = document.getelementbyid("status-label"); label.innerhtml = "error: " + event; }
when it comes to error handling, you have to consider both internal and external parameters.
internal parameters include errors that can be generated because of the bugs in your code, or unexpected user behavior.
external errors have nothing to do with the application; rather, they are related to parameters, which cannot be controlled. the most important one is the network connectivity.
any interactive bidirectional web application requires, well, an active internet connection.
checking network availability
imagine that your users are enjoying your web app, when suddenly the network connection becomes unresponsive in the middle of their task. in modern native desktop and mobile applications, it is a common task to check for network availability.
the most common way of doing so is simply making an http request to a website that is supposed to be up (for example, http://www.google.com). if the request succeeds, the desktop or mobile device knows there is active connectivity. similarly, html has xmlhttprequest for determining network availability.
html5, though, made it even easier and introduced a way to check whether the browser can accept web responses. this is achieved via the navigator object −
if (navigator.online) { alert("you are online"); }else { alert("you are offline"); }
offline mode means that either the device is not connected or the user has selected the offline mode from browser toolbar.
here is how to inform the user that the network is not available and try to reconnect when a websocket close event occurs −
socket.onclose = function (event) { // connection closed. // firstly, check the reason. if (event.code != 1000) { // error code 1000 means that the connection was closed normally. // try to reconnect. if (!navigator.online) { alert("you are offline. please connect to the internet and try again."); } } }
demo for receiving error messages
the following program explains how to show error messages using web sockets −
<!doctype html> <html> <meta charset = "utf-8" /> <title>websocket test</title> <script language = "javascript" type = "text/javascript"> var wsuri = "ws://echo.websocket.org/"; var output; function init() { output = document.getelementbyid("output"); testwebsocket(); } function testwebsocket() { websocket = new websocket(wsuri); websocket.onopen = function(evt) { onopen(evt) }; websocket.onclose = function(evt) { onclose(evt) }; websocket.onerror = function(evt) { onerror(evt) }; } function onopen(evt) { writetoscreen("connected"); dosend("websocket rocks"); } function onclose(evt) { writetoscreen("disconnected"); } function onerror(evt) { writetoscreen('<span style = "color: red;">error:</span> ' + evt.data); } function dosend(message) { writetoscreen("sent: " + message); websocket.send(message); } function writetoscreen(message) { var pre = document.createelement("p"); pre.style.wordwrap = "break-word"; pre.innerhtml = message; output.appendchild(pre); } window.addeventlistener("load", init, false); </script> <h2>websocket test</h2> <div id = "output"></div> </html>
the output is as follows −

the message event takes place usually when the server sends some data. messages sent by the server to the client can include plain text messages, binary data, or images. whenever data is sent, the onmessage function is fired.
this event acts as a client's ear to the server. whenever the server sends data, the onmessage event gets fired.
the following code snippet describes opening the connection of web socket protocol.
connection.onmessage = function(e){ var server_message = e.data; console.log(server_message); }
it is also necessary to take into account what kinds of data can be transferred with the help of web sockets. web socket protocol supports text and binary data. in terms of javascript, text refers to as a string, while binary data is represented like arraybuffer.
web sockets support only one binary format at a time. the declaration of binary data is done explicitly as follows −
socket.binarytype = ”arraybuffer”; socket.binarytype = ”blob”;
strings
strings are considered to be useful, dealing with human readable formats such as xml and json. whenever onmessage event is raised, client needs to check the data type and act accordingly.
the code snippet for determining the data type as string is mentioned below −
socket.onmessage = function(event){ if(typeof event.data === string ) { console.log(“received data string”); } }
json (javascript object notation)
it is a lightweight format for transferring human-readable data between the computers. the structure of json consists of key-value pairs.
example
{ name: “james devilson”, message: “hello world!” }
the following code shows how to handle a json object and extract its properties −
socket.onmessage = function(event) { if(typeof event.data === string ){ //create a json object var jsonobject = json.parse(event.data); var username = jsonobject.name; var message = jsonobject.message; console.log(“received data string”); } }
xml
parsing in xml is not difficult, though the techniques differ from browser to browser. the best method is to parse using third party library like jquery.
in both xml and json, the server responds as a string, which is being parsed at the client end.
arraybuffer
it consists of a structured binary data. the enclosed bits are given in an order so that the position can be easily tracked. arraybuffers are handy to store the image files.
receiving data using arraybuffers is fairly simple. the operator instanceof is used instead of equal operator.
the following code shows how to handle and receive an arraybuffer object −
socket.onmessage = function(event) { if(event.data instanceof arraybuffer ){ var buffer = event.data; console.log(“received arraybuffer”); } }
demo application
the following program code shows how to send and receive messages using web sockets.
<!doctype html> <html> <meta charset = "utf-8" /> <title>websocket test</title> <script language = "javascript" type = "text/javascript"> var wsuri = "ws://echo.websocket.org/"; var output; function init() { output = document.getelementbyid("output"); testwebsocket(); } function testwebsocket() { websocket = new websocket(wsuri); websocket.onopen = function(evt) { onopen(evt) }; websocket.onmessage = function(evt) { onmessage(evt) }; websocket.onerror = function(evt) { onerror(evt) }; } function onopen(evt) { writetoscreen("connected"); dosend("websocket rocks"); } function onmessage(evt) { writetoscreen('<span style = "color: blue;">response: ' + evt.data+'</span>'); websocket.close(); } function onerror(evt) { writetoscreen('<span style="color: red;">error:</span> ' + evt.data); } function dosend(message) { writetoscreen("sent: " + message); websocket.send(message); } function writetoscreen(message) { var pre = document.createelement("p"); pre.style.wordwrap = "break-word"; pre.innerhtml = message; output.appendchild(pre); } window.addeventlistener("load", init, false); </script> <h2>websocket test</h2> <div id = "output"></div> </html>
the output is shown below.

close event marks the end of a communication between the server and the client. closing a connection is possible with the help of onclose event. after marking the end of communication with the help of onclose event, no messages can be further transferred between the server and the client. closing the event can occur due to poor connectivity as well.
the close() method stands for goodbye handshake. it terminates the connection and no data can be exchanged unless the connection opens again.
similar to the previous example, we call the close() method when the user clicks on the second button.
var textview = document.getelementbyid("text-view"); var buttonstop = document.getelementbyid("stop-button"); buttonstop.onclick = function() { // close the connection, if open. if (socket.readystate === websocket.open) { socket.close(); } }
it is also possible to pass the code and reason parameters we mentioned earlier as shown below.
socket.close(1000, "deliberate disconnection");
the following code gives a complete overview of how to close or disconnect a web socket connection −
<!doctype html> <html> <meta charset = "utf-8" /> <title>websocket test</title> <script language = "javascript" type = "text/javascript"> var wsuri = "ws://echo.websocket.org/"; var output; function init() { output = document.getelementbyid("output"); testwebsocket(); } function testwebsocket() { websocket = new websocket(wsuri); websocket.onopen = function(evt) { onopen(evt) }; websocket.onclose = function(evt) { onclose(evt) }; websocket.onmessage = function(evt) { onmessage(evt) }; websocket.onerror = function(evt) { onerror(evt) }; } function onopen(evt) { writetoscreen("connected"); dosend("websocket rocks"); } function onclose(evt) { writetoscreen("disconnected"); } function onmessage(evt) { writetoscreen('<span style = "color: blue;">response: ' + evt.data+'</span>'); websocket.close(); } function onerror(evt) { writetoscreen('<span style = "color: red;">error:</span> ' + evt.data); } function dosend(message) { writetoscreen("sent: " + message); websocket.send(message); } function writetoscreen(message) { var pre = document.createelement("p"); pre.style.wordwrap = "break-word"; pre.innerhtml = message; output.appendchild(pre); } window.addeventlistener("load", init, false); </script> <h2>websocket test</h2> <div id = "output"></div> </html>
the output is as follows −

a web socket server is a simple program, which has the ability to handle web socket events and actions. it usually exposes similar methods to the web socket client api and most programming languages provide an implementation. the following diagram illustrates the communication process between a web socket server and a web socket client, emphasizing the triggered events and actions.
the following diagram shows a web socket server and client event triggering −

connecting to the web server
the web socket server works in a similar way to the web socket clients. it responds to events and performs actions when necessary. regardless of the programming language used, every web socket server performs some specific actions.
it is initialized to a web socket address. it handles onopen, onclose, and onmessage events, and sends messages to the clients too.
creating a web socket server instance
every web socket server needs a valid host and port. an example of creating a web socket instance in server is as follows −
var server = new websocketserver("ws://localhost:8181");
any valid url can be used with the specification of a port, which was not used earlier. it is very useful to keep a record of the connected clients, as it provides details with different data or send different messages to each one.
fleck represents the incoming connections (clients) with the iwebsocketconnection interface. whenever someone connects or disconnects from our service, empty list can be created or updated.
var clients = new list<iwebsocketconnection>();
after that, we can call the start method and wait for the clients to connect. after starting, the server is able to accept incoming connections. in fleck, the start method needs a parameter, which indicates the socket that raised the events −
server.start(socket) => { });
onopen event
the onopen event determines that a new client has requested access and performs an initial handshake. the client should be added to the list and probably the information should be stored related to it, such as the ip address. fleck provides us with such information, as well as a unique identifier for the connection.
server.start(socket) ⇒ { socket.onopen = () ⇒ { // add the incoming connection to our list. clients.add(socket); } // handle the other events here... });
onclose event
the onclose event is raised whenever a client is disconnected. the client is removed from the list and informs the rest of clients about the disconnection.
socket.onclose = () ⇒ { // remove the disconnected client from the list. clients.remove(socket); };
onmessage event
the onmessage event is raised when a client sends data to the server. inside this event handler, the incoming message can be transmitted to the clients, or probably select only some of them.
the process is simple. note that this handler takes a string named message as a parameter −
socket.onmessage = () ⇒ { // display the message on the console. console.writeline(message); };
send () method
the send() method simply transmits the desired message to the specified client. using send(), text or binary data can be stored across the clients.
the working of onmessage event is as follows −
socket.onmessage = () ⇒ { foreach (var client in clients) { // send the message to everyone! // also, send the client connection's unique identifier in order // to recognize who is who. client.send(client.connectioninfo.id + " says: " + message); } };
api – definition
api, an abbreviation of application program interface, is a set of routines, protocols, and tools for building software applications.
some important features are −
the api specifies how software components should interact and apis should be used when programming graphical user interface (gui) components.
a good api makes it easier to develop a program by providing all the building blocks.
rest, which typically runs over http is often used in mobile applications, social websites, mashup tools, and automated business processes.
the rest style emphasizes that interactions between the clients and services is enhanced by having a limited number of operations (verbs).
flexibility is provided by assigning resources; their own unique universal resource identifiers (uris).
rest avoids ambiguity because each verb has a specific meaning (get, post, put and delete)
advantages of web socket
web socket solves a few issues with rest, or http in general −
bidirectional
http is a unidirectional protocol where the client always initiates a request. the server processes and returns a response, and then the client consumes it. web socket is a bi-directional protocol where there are no predefined message patterns such as request/response. either the client or the server can send a message to the other party.
full duplex
http allows the request message to go from the client to the server and then the server sends a response message to the client. at a given time, either the client is talking to the server or the server is talking to the client. web socket allows the client and the server to talk independent of each other.
single tcp connection
typically, a new tcp connection is initiated for an http request and terminated after the response is received. a new tcp connection needs to be established for another http request/response. for web socket, the http connection is upgraded using standard http upgrade mechanism and the client and the server communicate over that same tcp connection for the lifecycle of web socket connection.
the graph given below shows the time (in milliseconds) taken to process n messages for a constant payload size.

here is the raw data that feeds this graph −

the graph and the table given above show that the rest overhead increases with the number of messages. this is true because that many tcp connections need to be initiated and terminated and that many http headers need to be sent and received.
the last column particularly shows the multiplication factor for the amount of time to fulfil a rest request.
the second graph shows the time taken to process a fixed number of messages by varying the payload size.

here is the raw data that feeds this graph −

this graph shows that the incremental cost of processing the request/response for a rest endpoint is minimal and most of the time is spent in connection initiation/termination and honoring http semantics.
conclusion
web socket is a low-level protocol. everything, including a simple request/response design pattern, how to create/update/delete resources need, status codes etc. to be builds on top of it. all of these are well defined for http.
web socket is a stateful protocol whereas http is a stateless protocol. web socket connections can scale vertically on a single server whereas http can scale horizontally. there are some proprietary solutions for web socket horizontal scaling, but they are not based on standards. http comes with a lot of other goodies such as caching, routing, and multiplexing. all of these need to be defined on top of web socket.
the following program code describes the working of a chat application using javascript and web socket protocol.
<!doctype html> <html lang = "en"> <head> <meta charset = utf-8> <title>html5 chat</title> <body> <section id = "wrapper"> <header> <h1>html5 chat</h1> </header> <style> #chat { width: 97%; } .message { font-weight: bold; } .message:before { content: ' '; color: #bbb; font-size: 14px; } #log { overflow: auto; max-height: 300px; list-style: none; padding: 0; } #log li { border-top: 1px solid #ccc; margin: 0; padding: 10px 0; } body { font: normal 16px/20px "helvetica neue", helvetica, sans-serif; background: rgb(237, 237, 236); margin: 0; margin-top: 40px; padding: 0; } section, header { display: block; } #wrapper { width: 600px; margin: 0 auto; background: #fff; border-radius: 10px; border-top: 1px solid #fff; padding-bottom: 16px; } h1 { padding-top: 10px; } h2 { font-size: 100%; font-style: italic; } header, article > * { margin: 20px; } #status { padding: 5px; color: #fff; background: #ccc; } #status.fail { background: #c00; } #status.success { background: #0c0; } #status.offline { background: #c00; } #status.online { background: #0c0; } #html5badge { margin-left: -30px; border: 0; } #html5badge img { border: 0; } </style> <article> <form onsubmit = "addmessage(); return false;"> <input type = "text" id = "chat" placeholder = "type and press enter to chat" /> </form> <p id = "status">not connected</p> <p>users connected: <span id = "connected">0 </span></p> <ul id = "log"></ul> </article> <script> connected = document.getelementbyid("connected"); log = document.getelementbyid("log"); chat = document.getelementbyid("chat"); form = chat.form; state = document.getelementbyid("status"); if (window.websocket === undefined) { state.innerhtml = "sockets not supported"; state.classname = "fail"; }else { if (typeof string.prototype.startswith != "function") { string.prototype.startswith = function (str) { return this.indexof(str) == 0; }; } window.addeventlistener("load", onload, false); } function onload() { var wsuri = "ws://127.0.0.1:7777"; websocket = new websocket(wsuri); websocket.onopen = function(evt) { onopen(evt) }; websocket.onclose = function(evt) { onclose(evt) }; websocket.onmessage = function(evt) { onmessage(evt) }; websocket.onerror = function(evt) { onerror(evt) }; } function onopen(evt) { state.classname = "success"; state.innerhtml = "connected to server"; } function onclose(evt) { state.classname = "fail"; state.innerhtml = "not connected"; connected.innerhtml = "0"; } function onmessage(evt) { // there are two types of messages: // 1. a chat participant message itself // 2. a message with a number of connected chat participants var message = evt.data; if (message.startswith("log:")) { message = message.slice("log:".length); log.innerhtml = '<li class = "message">' + message + "</li>" + log.innerhtml; }else if (message.startswith("connected:")) { message = message.slice("connected:".length); connected.innerhtml = message; } } function onerror(evt) { state.classname = "fail"; state.innerhtml = "communication error"; } function addmessage() { var message = chat.value; chat.value = ""; websocket.send(message); } </script> </section> </body> </head> </html>
the key features and the output of the chat application are discussed below −
to test, open the two windows with web socket support, type a message above and press return. this would enable the feature of chat application.
if the connection is not established, the output is available as shown below.

the output of a successful chat communication is shown below.

the web has been largely built around the request/response paradigm of http. a client loads up a web page and then nothing happens until the user clicks onto the next page. around 2005, ajax started to make the web feel more dynamic. still, all http communication is steered by the client, which requires user interaction or periodic polling to load new data from the server.
technologies that enable the server to send the data to a client in the very moment when it knows that new data is available have been around for quite some time. they go by names such as "push" or “comet”.
with long polling, the client opens an http connection to the server, which keeps it open until sending response. whenever the server actually has new data, it sends the response. long polling and the other techniques work quite well. however, all of these share one problem, they carry the overhead of http, which does not make them well suited for low latency applications. for example, a multiplayer shooter game in the browser or any other online game with a real-time component.
bringing sockets to the web
the web socket specification defines an api establishing "socket" connections between a web browser and a server. in layman terms, there is a persistent connection between the client and the server and both parties can start sending data at any time.
web socket connection can be simply opened using a constructor −
var connection = new websocket('ws://html5rocks.websocket.org/echo', ['soap', 'xmpp']);
ws is the new url schema for websocket connections. there is also wss, for secure websocket connection the same way https is used for secure http connections.
attaching some event handlers immediately to the connection allows you to know when the connection is opened, received incoming messages, or there is an error.
the second argument accepts optional subprotocols. it can be a string or an array of strings. each string should represent a subprotocol name and server accepts only one of passed subprotocols in the array. accepted subprotocol can be determined by accessing protocol property of websocket object.
// when the connection is open, send some data to the server connection.onopen = function () { connection.send('ping'); // send the message 'ping' to the server }; // log errors connection.onerror = function (error) { console.log('websocket error ' + error); }; // log messages from the server connection.onmessage = function (e) { console.log('server: ' + e.data); };
communicating with the server
as soon as we have a connection to the server (when the open event is fired) we can start sending data to the server using the send (your message) method on the connection object. it used to support only strings, but in the latest specification, it now can send binary messages too. to send binary data, blob or arraybuffer object is used.
// sending string connection.send('your message'); // sending canvas imagedata as arraybuffer var img = canvas_context.getimagedata(0, 0, 400, 320); var binary = new uint8array(img.data.length); for (var i = 0; i < img.data.length; i++) { binary[i] = img.data[i]; } connection.send(binary.buffer); // sending file as blob var file = document.queryselector('input[type = "file"]').files[0]; connection.send(file);
equally, the server might send us messages at any time. whenever this happens the onmessage callback fires. the callback receives an event object and the actual message is accessible via the data
property.
websocket can also receive binary messages in the latest spec. binary frames can be received in blob or arraybuffer format. to specify the format of the received binary, set the binarytype property of websocket object to either 'blob' or 'arraybuffer'. the default format is 'blob'.
// setting binarytype to accept received binary as either 'blob' or 'arraybuffer' connection.binarytype = 'arraybuffer'; connection.onmessage = function(e) { console.log(e.data.bytelength); // arraybuffer object if binary };
another newly added feature of websocket is extensions. using extensions, it will be possible to send frames compressed, multiplexed, etc.
// determining accepted extensions console.log(connection.extensions);
cross-origin communication
being a modern protocol, cross-origin communication is baked right into websocket. websocket enables communication between parties on any domain. the server decides whether to make its service available to all clients or only those that reside on a set of well-defined domains.
proxy servers
every new technology comes with a new set of problems. in the case of websocket it is the compatibility with proxy servers, which mediate http connections in most company networks. the websocket protocol uses the http upgrade system (which is normally used for http/ssl) to "upgrade" an http connection to a websocket connection. some proxy servers do not like this and will drop the connection. thus, even if a given client uses the websocket protocol, it may not be possible to establish a connection. this makes the next section even more important :)
the server side
using websocket creates a whole new usage pattern for server side applications. while traditional server stacks such as lamp are designed around the http request/response cycle they often do not deal well with a large number of open websocket connections. keeping a large number of connections open at the same time requires an architecture that receives high concurrency at a low performance cost.
protocol should be designed for security reasons. websocket is a brand-new protocol and not all web browsers implement it correctly. for example, some of them still allow the mix of http and ws, although the specification implies the opposite. in this chapter, we will discuss a few common security attacks that a user should be aware of.
denial of service
denial of service (dos) attacks attempt to make a machine or network resource unavailable to the users that request it. suppose someone makes an infinite number of requests to a web server with no or tiny time intervals. the server is not able to handle each connection and will either stop responding or will keep responding too slowly. this can be termed as denial of service attack.
denial of service is very frustrating for the end users, who could not even load a web page.
dos attack can even apply on peer-to-peer communications, forcing the clients of a p2p network to concurrently connect to the victim web server.
man-in-the-middle
let us understand this with the help of an example.
suppose a person a is chatting with his friend b via an im client. some third person wants to view the messages you exchange. so, he makes an independent connections with both the persons. he also sends messages to person a and his friend b, as an invisible intermediate to your communication. this is known as a man-in-the-middle attack.
the man-in-the-middle kind of attack is easier for unencrypted connections, as the intruder can read the packages directly. when the connection is encrypted, the information has to be decrypted by the attacker, which might be way too difficult.
from a technical aspect, the attacker intercepts a public-key message exchange and sends the message while replacing the requested key with his own. obviously, a solid strategy to make the attacker's job difficult is to use ssh with websockets.
mostly when exchanging critical data, prefer the wss secure connection instead of the unencrypted ws.
xss
cross-site scripting (xss) is a vulnerability that enables attackers to inject client-side scripts into web pages or applications. an attacker can send html or javascript code using your application hubs and let this code be executed on the clients' machines.
websocket native defense mechanisms
by default, the websocket protocol is designed to be secure. in the real world, the user might encounter various issues that might occur due to poor browser implementation. as time goes by, browser vendors fix any issues immediately.
an extra layer of security is added when secure websocket connection over ssh (or tls) is used.
in the websocket world, the main concern is about the performance of a secure connection. although there is still an extra tls layer on top, the protocol itself contains optimizations for this kind of use, furthermore, wss works more sleekly through proxies.
client-to-server masking
every message transmitted between a websocket server and a websocket client contains a specific key, named masking key, which allows any websocket-compliant intermediaries to unmask and inspect the message. if the intermediary is not websocket-compliant, then the message cannot be affected. the browser that implements the websocket protocol handles masking.
security toolbox
finally, useful tools can be presented to investigate the flow of information between your websocket clients and server, analyze the exchanged data, and identify possible risks.
browser developer tools
chrome, firefox, and opera are great browsers in terms of developer support. their built-in tools help us determine almost any aspect of client-side interactions and resources. it plays a great role for security purposes.
websocket, as the name implies, is something that uses the web. the web is usually interwoven with browser pages because that are the primary means of displaying data online. however, non-browser programs too, use online data transmission.
the release of the iphone (initially) and the ipad (later) introduced a brand new world of web interconnectivity without necessarily using a web browser. instead, the new smartphone and tablet devices utilized the power of native apps to offer a unique user experience.
why mobile matters?
currently, there are one billion active smartphones out there. that is, millions of potential customers for your applications. these people use their mobile phone to accomplish daily tasks, surf the internet, communicate, or shop.
smartphones have become synonymous to apps. nowadays, there is an app for any usage, a user can think of. most of the apps connect to the internet in order to retrieve data, make transactions, gather news, and so on.
it would be great to use the existing websocket knowledge and develop a websocket client running natively on a smartphone or tablet device.
native mobile app vs mobile website
well, this is a common conflict and as usual, the answer depends on the needs of the target audience. if a user is familiar with the modern design trends, designing a website that is responsive and mobile friendly is now a must. however, the end user must be sure that the content, which is what really matters, is equally accessible via a smartphone, as it is via a classic desktop browser.
definitely, a websocket web app will run on any html5-compliant browser, including mobile browsers such as safari for ios and chrome for mobile. therefore, there are no worries about compatibility issues with smartphones.
prerequisites
in order to develop a smartphone app, installation of development tools and sdks are required.

websockets can act as a universal hub for transmitting messages between connected mobile and tablet clients. we can implement a native ios application, which communicates with a websocket server just like the html5 javascript client.