[whatwg] HttpOnly cookie for WebSocket?

Wenbo Zhu wenboz at google.com
Thu Jan 28 03:05:46 PST 2010


On Thu, Jan 28, 2010 at 12:12 AM, Fumitoshi Ukai (鵜飼文敏)
<ukai at chromium.org>wrote:

> May/Should WebSocket use HttpOnly cookie while Handshaking?

WebSocket is a "stateful" protocol, and its cookie support is only
applicable in interacting with the HTTP context  .. and therefore the spec
should simply refer to what's specified for HTTP for clarification ...

- Wenbo

I think it would be useful to use HttpOnly cookie on WebSocket so that we
> could authenticate the WebSocket connection by the auth token cookie which
> might be HttpOnly for security reason.
>
> http://www.ietf.org/id/draft-ietf-httpstate-cookie-02.txt
>
> --
> ukai
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20100128/2e5bfa91/attachment.htm>


More information about the whatwg mailing list