On Thu, Jan 28, 2010 at 12:12 AM, Fumitoshi Ukai (鵜飼文敏) <[email protected]>wrote:
> May/Should WebSocket use HttpOnly cookie while Handshaking? WebSocket is a "stateful" protocol, and its cookie support is only applicable in interacting with the HTTP context .. and therefore the spec should simply refer to what's specified for HTTP for clarification ... - Wenbo I think it would be useful to use HttpOnly cookie on WebSocket so that we > could authenticate the WebSocket connection by the auth token cookie which > might be HttpOnly for security reason. > > http://www.ietf.org/id/draft-ietf-httpstate-cookie-02.txt > > -- > ukai > >
