[whatwg] HttpOnly cookie for WebSocket?

Ian Hickson ian at hixie.ch
Mon Feb 1 00:42:03 PST 2010

On Thu, 28 Jan 2010, Fumitoshi Ukai (éµ~\飼æ~V~Gæ~U~O) wrote:
> May/Should WebSocket use HttpOnly cookie while Handshaking? I think it 
> would be useful to use HttpOnly cookie on WebSocket so that we could 
> authenticate the WebSocket connection by the auth token cookie which 
> might be HttpOnly for security reason.
> http://www.ietf.org/id/draft-ietf-httpstate-cookie-02.txt

I've updated the spec to explicitly include HttpOnly cookies.

Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

More information about the whatwg mailing list