Out of curiosity — how do you maintain a stable session identity if the underlying transport path changes (for example NAT rebinding or relay migration)?
Is it tied to a cryptographic token or internal session state?