We can look at web-request handling as a number of nested contexts. An outer context, for example, might cover session management: examining the request to determine if this is another request in an existing session or a new session. An inner context might provide tokens used for form processing that can detect Cross-Site Request Forgeries (CSRF). Another context might handle user authentication within a session.
A conceptual view of the functions explained previously is something like this:
response = content( authentication( csrf( session(headers, request, forms) ) ))
The idea here is that each function can build on the results of the previous function. Each function either enriches the request or rejects it because ...