Hi,
a new IETF wg has been formed to take care of WebSocket protocol
HyBi: http://tools.ietf.org/wg/hybi/charters
So, this issue is something it should be discussed there
(btw I am forwdard it to the HyBi ml)
N.B. to subscribe to the HyBi ml: https://www.ietf.org/mailman/listinfo/hybi
/Sal
A new IETF working group has been formed in the Applications Area.
For additional information, please contact the Area Directors or the
WG Chairs.
BiDirectional or Server-Initiated HTTP (hybi)
On 01/28/2010 10:12 AM, Fumitoshi Ukai (鵜飼文敏) wrote:
May/Should WebSocket use HttpOnly cookie while Handshaking?
I think it would be useful to use HttpOnly cookie on WebSocket so that
we could authenticate the WebSocket connection by the auth token
cookie which might be HttpOnly for security reason.
http://www.ietf.org/id/draft-ietf-httpstate-cookie-02.txt
--
ukai
