[Webkit-unassigned] [Bug 34289] New: WebSocket ignores HttpOnly cookies, but should use in Handshake.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Jan 28 16:11:58 PST 2010
https://bugs.webkit.org/show_bug.cgi?id=34289
Summary: WebSocket ignores HttpOnly cookies, but should use in
Handshake.
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: P2
Component: WebCore Misc.
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: ukai at chromium.org
Current implementation ignores HttpOnly cookies in WebSocket handshake.
But in practical use case, Web Sockets will be used in an environment where
users are authenticated, and that in many cases the Web Socket will be
established once the user has logged into a page via HTTP/HTTPS. Assume that a
server may track the logged-in-ness of the client using a HttpOnly cookie, and
that the server-side logic to check whether a user is already logged in could
easily be leveraged for Web Sockets, since it starts as an HTTP connection that
includes cookies and is then upgraded.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list