Hi,
Say I access a web server from my phone using https and Wi-Fi. A TLS tunnel is then set up that among things ciphers the exchanged data using a secret session key.
Now, suppose that before accessing a new page on the website, I switch my network access from Wi-Fi to 4G. My IP address changes and I must open a new TCP socket, a new TLS tunnel and so a new random generated session key is generated. Am I right?
I guess there is no issue because http is a stateless protocol.
Now if I am logged on the website, do I need to log in again though or will I remain connected because of cookie information stored in the cache of my navigator?
NB: sorry about my broken English but I'm not a native speaker
NB: I posted this question on cybersecurity a week ago but it hasn't received much attention so far so I'll try it here
No comments:
Post a Comment