Friday, August 21, 2020

HTTPS and connection

Hi,

Say I access a web server from my phone using https and Wi-Fi. A TLS tunnel is then set up that among things ciphers the exchanged data using a secret session key.

Now, suppose that before accessing a new page on the website, I switch my network access from Wi-Fi to 4G. My IP address changes and I must open a new TCP socket, a new TLS tunnel and so a new random generated session key is generated. Am I right?

I guess there is no issue because http is a stateless protocol.

Now if I am logged on the website, do I need to log in again though or will I remain connected because of cookie information stored in the cache of my navigator?

NB: sorry about my broken English but I'm not a native speaker

NB: I posted this question on cybersecurity a week ago but it hasn't received much attention so far so I'll try it here



No comments:

Post a Comment