Hi Tony,
On 2019/6/5 00:46, Anthony Scarpino wrote:
125 if (secondSession.getCreationTime() > secondStartTime &&
126 !clientCache && !serverServerless) {
127 throw new RuntimeException("Session was not
reused");
128 }
If the session should be resumed via session ID, beside checking the
creation time, would it be better to compare the session IDs for
double-checking?
the client side in stateless mode sends no session id, as the spec
allows. So the session id has no more value.
If either peer doesn't enable the session ticket extension, the session
would be resumed via old cache way, but not RFC 5077.
For this case, I suppose it would be better to check the session IDs
between two connections.
This checking indicates the session MAY not be resumed via RFC 5077 and
the new properties should work as expected.
Best regards,
John Jiang
