Re: Linking a cookie to an IP address is a very bad in 2015...

On 2 April 2015 at 09:39, Zhong Yu <> wrote:
> The new connection will like reuse the same TLS session[1]. The
> browser is not required to do that, but from my tests,
> firefox/IE/chrome on Windows apparently do.

Only if you hit the same server in the cluster, or the cluster has
shared resumption AND session state.  HTTP is a message-based
protocol, binding state to a connection has to be regarded as an
optimization only.

Received on Thursday, 2 April 2015 16:47:59 UTC