<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#ffffff">
Hi,<br>
<br>
a new IETF wg has been formed to take care of WebSocket protocol <br>
HyBi: <a class="moz-txt-link-freetext" href="http://tools.ietf.org/wg/hybi/charters">http://tools.ietf.org/wg/hybi/charters</a><br>
So, this issue is something it should be discussed there<br>
(btw I am forwdard it to the HyBi ml)<br>
<br>
N.B. to subscribe to the HyBi ml: <a
href="https://www.ietf.org/mailman/listinfo/hybi">https://www.ietf.org/mailman/listinfo/hybi</a><br>
<br>
<br>
/Sal<br>
<br>
<pre wrap="">A new IETF working group has been formed in the Applications Area.
<span class="moz-txt-citetags">> </span>For additional information, please contact the Area Directors or the
<span class="moz-txt-citetags">> </span>WG Chairs.
<span class="moz-txt-citetags">></span>
<span class="moz-txt-citetags">> </span>BiDirectional or Server-Initiated HTTP (hybi)
</pre>
<br>
<br>
On 01/28/2010 10:12 AM, Fumitoshi Ukai (鵜飼文敏) wrote:
<blockquote
cite="mid:de17d48e1001280012i2657b587i83cda30f50013e6b@mail.gmail.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
May/Should WebSocket use HttpOnly cookie while Handshaking?
<div>I think it would be useful to use HttpOnly cookie on WebSocket
so that we could authenticate the WebSocket connection by the auth
token cookie which might be HttpOnly for security reason.<br>
<div><br>
</div>
<div><a moz-do-not-send="true"
href="http://www.ietf.org/id/draft-ietf-httpstate-cookie-02.txt">http://www.ietf.org/id/draft-ietf-httpstate-cookie-02.txt</a></div>
<div><br>
</div>
<div>-- </div>
<div>ukai</div>
<div><br>
</div>
</div>
</blockquote>
<br>
</body>
</html>