- From: Zhong Yu <zhong.j.yu@gmail.com>
- Date: Thu, 2 Apr 2015 11:51:08 -0500
- To: Martin Thomson <martin.thomson@gmail.com>
- Cc: "Eric Vyncke (evyncke)" <evyncke@cisco.com>, "ietf-http-wg@w3.org" <ietf-http-wg@w3.org>
On Thu, Apr 2, 2015 at 11:47 AM, Martin Thomson <martin.thomson@gmail.com> wrote: > On 2 April 2015 at 09:39, Zhong Yu <zhong.j.yu@gmail.com> wrote: >> The new connection will like reuse the same TLS session[1]. The >> browser is not required to do that, but from my tests, >> firefox/IE/chrome on Windows apparently do. > > Only if you hit the same server in the cluster, or the cluster has > shared resumption AND session state. But a session-id cookie will have the same problems. We could embed all session data in a fat cookie, but I don't think that's a common practice. > HTTP is a message-based > protocol, binding state to a connection has to be regarded as an > optimization only.
Received on Thursday, 2 April 2015 16:51:35 UTC