[whatwg] HttpOnly cookie for WebSocket?
Wenbo Zhu
wenboz at google.com
Thu Jan 28 03:05:46 PST 2010
On Thu, Jan 28, 2010 at 12:12 AM, Fumitoshi Ukai (鵜飼文敏)
<ukai at chromium.org>wrote:
> May/Should WebSocket use HttpOnly cookie while Handshaking?
WebSocket is a "stateful" protocol, and its cookie support is only
applicable in interacting with the HTTP context .. and therefore the spec
should simply refer to what's specified for HTTP for clarification ...
- Wenbo
I think it would be useful to use HttpOnly cookie on WebSocket so that we
> could authenticate the WebSocket connection by the auth token cookie which
> might be HttpOnly for security reason.
>
> http://www.ietf.org/id/draft-ietf-httpstate-cookie-02.txt
>
> --
> ukai
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20100128/2e5bfa91/attachment.htm>
More information about the whatwg
mailing list