We need the server random and consumer random to forestall replay attacks that an attacker can seize the former session and replay it for the new session.The session key is rarely transmitted in any respect: it can be proven by means of a protected important negoatiaon algorithm. You should Check out your specifics before putting up nonsense such a