W3C home > Mailing lists > Public > whatwg@whatwg.org > February 2010

[whatwg] HttpOnly cookie for WebSocket?

From: Ian Hickson <ian@hixie.ch>
Date: Mon, 1 Feb 2010 08:42:03 +0000 (UTC)
Message-ID: <Pine.LNX.4.64.1002010841360.3846@ps20323.dreamhostps.com>
On Thu, 28 Jan 2010, Fumitoshi Ukai (??~\????~V~G?~U~O) wrote:
>
> May/Should WebSocket use HttpOnly cookie while Handshaking? I think it 
> would be useful to use HttpOnly cookie on WebSocket so that we could 
> authenticate the WebSocket connection by the auth token cookie which 
> might be HttpOnly for security reason.
> 
> http://www.ietf.org/id/draft-ietf-httpstate-cookie-02.txt

I've updated the spec to explicitly include HttpOnly cookies.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Monday, 1 February 2010 00:42:03 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:20 UTC