Hi I read your reply and wondered about the repeat message issue. I agree that the message should not repeat, however, if I use the Diffee-Hellmen to generate a different key and then use the AES that I send, theoretically there could be the same ciphertext for a different key meaning that a valid message will not get correctly read. Also the data will be sent fairly often so the chances of this would increase as the amount of hashes that I store increase.
Edit: Another question -
pYro_65:
You can send the initial iv as part of the query string ( or post data ).
Are you saying send an unencrypted key to the server to initialise it?