[whatwg] HttpOnly cookie for WebSocket?
wenboz at google.com
Thu Jan 28 03:05:46 PST 2010
On Thu, Jan 28, 2010 at 12:12 AM, Fumitoshi Ukai (鵜飼文敏)
<ukai at chromium.org>wrote:
> May/Should WebSocket use HttpOnly cookie while Handshaking?
WebSocket is a "stateful" protocol, and its cookie support is only
applicable in interacting with the HTTP context .. and therefore the spec
should simply refer to what's specified for HTTP for clarification ...
I think it would be useful to use HttpOnly cookie on WebSocket so that we
> could authenticate the WebSocket connection by the auth token cookie which
> might be HttpOnly for security reason.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the whatwg