According to http://www.rfc-editor.org/authors/rfc6455.txt and http://dev.w3.org/html5/websockets/ I'd say the cookies should be sent over WebSocket (for obvious reasons of authentication precisely; such as GMail authenticating automatically over WebSocket as it authenticates over HTTP when loading the web page –GMail isn't using WebSocket but I believe it's in the works at Google–), now in practice I guess it highly depends on both the browsers and the server implementations.
-- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/uFOFjbkrytwJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
