Forum Discussion
Kevin_Stewart
Nov 16, 2012Employee
Quick answer: HTTP cookie persistence is best.
You can technically use either, and both are good. But know that a) either party in an SSL conversation can (and eventually will) renegotiate the SSL session, and b) it will change the SSL session ID.