[whatwg] HttpOnly cookie for WebSocket?

Fumitoshi Ukai (鵜飼文敏) ukai at chromium.org
Thu Jan 28 00:12:27 PST 2010


May/Should WebSocket use HttpOnly cookie while Handshaking?
I think it would be useful to use HttpOnly cookie on WebSocket so that we
could authenticate the WebSocket connection by the auth token cookie which
might be HttpOnly for security reason.

http://www.ietf.org/id/draft-ietf-httpstate-cookie-02.txt

-- 
ukai
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20100128/783bb51d/attachment-0001.htm>


More information about the whatwg mailing list