[whatwg] HttpOnly cookie for WebSocket?

Salvatore Loreto salvatore.loreto at ericsson.com
Thu Jan 28 00:38:04 PST 2010


a new IETF wg has been formed to take care of WebSocket protocol
HyBi: http://tools.ietf.org/wg/hybi/charters
So, this issue is something it should be discussed there
(btw I am forwdard it to the HyBi ml)

N.B. to subscribe to the HyBi ml: https://www.ietf.org/mailman/listinfo/hybi


A new IETF working group has been formed in the Applications Area.
>  For additional information, please contact the Area Directors or the
>  WG Chairs.
>  BiDirectional or Server-Initiated HTTP (hybi)

On 01/28/2010 10:12 AM, Fumitoshi Ukai (鵜飼文敏) wrote:
> May/Should WebSocket use HttpOnly cookie while Handshaking?
> I think it would be useful to use HttpOnly cookie on WebSocket so that 
> we could authenticate the WebSocket connection by the auth token 
> cookie which might be HttpOnly for security reason.
> http://www.ietf.org/id/draft-ietf-httpstate-cookie-02.txt
> -- 
> ukai

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20100128/52922e9b/attachment-0002.htm>

More information about the whatwg mailing list