- From: Wenbo Zhu <wenboz@google.com>
- Date: Thu, 28 Jan 2010 03:05:46 -0800
On Thu, Jan 28, 2010 at 12:12 AM, Fumitoshi Ukai (????) <ukai at chromium.org>wrote: > May/Should WebSocket use HttpOnly cookie while Handshaking? WebSocket is a "stateful" protocol, and its cookie support is only applicable in interacting with the HTTP context .. and therefore the spec should simply refer to what's specified for HTTP for clarification ... - Wenbo I think it would be useful to use HttpOnly cookie on WebSocket so that we > could authenticate the WebSocket connection by the auth token cookie which > might be HttpOnly for security reason. > > http://www.ietf.org/id/draft-ietf-httpstate-cookie-02.txt > > -- > ukai > > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20100128/2e5bfa91/attachment.htm>
Received on Thursday, 28 January 2010 03:05:46 UTC