[whatwg] HttpOnly cookie for WebSocket?
Salvatore Loreto
salvatore.loreto at ericsson.com
Thu Jan 28 00:38:04 PST 2010
Hi,
a new IETF wg has been formed to take care of WebSocket protocol
HyBi: http://tools.ietf.org/wg/hybi/charters
So, this issue is something it should be discussed there
(btw I am forwdard it to the HyBi ml)
N.B. to subscribe to the HyBi ml: https://www.ietf.org/mailman/listinfo/hybi
/Sal
A new IETF working group has been formed in the Applications Area.
> For additional information, please contact the Area Directors or the
> WG Chairs.
>
> BiDirectional or Server-Initiated HTTP (hybi)
On 01/28/2010 10:12 AM, Fumitoshi Ukai (鵜飼文敏) wrote:
> May/Should WebSocket use HttpOnly cookie while Handshaking?
> I think it would be useful to use HttpOnly cookie on WebSocket so that
> we could authenticate the WebSocket connection by the auth token
> cookie which might be HttpOnly for security reason.
>
> http://www.ietf.org/id/draft-ietf-httpstate-cookie-02.txt
>
> --
> ukai
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20100128/52922e9b/attachment.htm>
More information about the whatwg
mailing list