On Thu, 28 Jan 2010, Ian Fette wrote:
>
> So, moving back to the original question... I am very concerned here. A
> relatively straightforward question was asked, with rationale for the
> question. "May/Should WebSocket use HttpOnly cookie while Handshaking? I
> think it would be useful to use HttpOnly cookie on WebSocket so that we
> could authenticate the WebSocket connection by the auth token cookie
> which might be HttpOnly for security reason."

I replied to ukai on IRC -- independent of any politics, I plan to edit
the spec as he suggested next week (allowing httpOnly cookies), along with
going through all the other pending feedback on the spec.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.
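Added example, not part of the original message or of the WebSocket spec: a server-side check that authenticates a WebSocket handshake from the auth token cookie the browser attaches, which works the same whether or not the cookie is HttpOnly because the server reads it from the request headers. The cookie name, session store, allowed origin and sample request are constructed assumptions, and the Origin check is an extra safeguard this example adds because cookies are also sent on handshakes started from other sites.

```python
import hmac
from http.cookies import SimpleCookie

# Constructed sample data; every name and value here is an assumption.
SESSIONS = {"k3JxQ0constructedtoken": "alice"}   # token -> user
COOKIE_NAME = "auth_token"
ALLOWED_ORIGINS = {"https://app.example"}

SAMPLE = (
    b"GET /chat HTTP/1.1\r\nHost: app.example\r\n"
    b"Upgrade: websocket\r\nConnection: Upgrade\r\n"
    b"Origin: https://app.example\r\n"
    b"Cookie: theme=dark; auth_token=k3JxQ0constructedtoken\r\n\r\n"
)


def parse_handshake(raw: bytes) -> dict:
    """Return the handshake's headers as a dict keyed by lowercased name."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def authenticate_handshake(raw: bytes):
    """Return the user for an authenticated handshake, or None to reject."""
    headers = parse_handshake(raw)
    if headers.get("upgrade", "").lower() != "websocket":
        return None
    # The browser sends the cookie regardless of which page opened the
    # socket, so accept only handshakes from our own origin.
    if headers.get("origin") not in ALLOWED_ORIGINS:
        return None
    jar = SimpleCookie()
    jar.load(headers.get("cookie", ""))
    morsel = jar.get(COOKIE_NAME)
    if morsel is None:
        return None
    presented = morsel.value.encode()
    for token, user in SESSIONS.items():
        # Constant-time comparison of the presented token.
        if hmac.compare_digest(token.encode(), presented):
            return user
    return None
```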