- From: Ian Hickson <ian@hixie.ch>
- Date: Mon, 1 Feb 2010 08:42:03 +0000 (UTC)
On Thu, 28 Jan 2010, Fumitoshi Ukai (??~\????~V~G?~U~O) wrote: > > May/Should WebSocket use HttpOnly cookie while Handshaking? I think it > would be useful to use HttpOnly cookie on WebSocket so that we could > authenticate the WebSocket connection by the auth token cookie which > might be HttpOnly for security reason. > > http://www.ietf.org/id/draft-ietf-httpstate-cookie-02.txt I've updated the spec to explicitly include HttpOnly cookies. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Monday, 1 February 2010 00:42:03 UTC