Looks like you cannot specify additional headers when creating a
WebSocket connection:
http://stackoverflow.com/questions/4361173/http-headers-in-websockets-cli...
I can't find yet if cookies are supposed to be sent with the initial
HTTP Upgrade request. I think they should be sent by the browser.
Another option is to include the token within the URL, but this is a
security hole: Access logs store urls, and you won't want to transmit
tokens over insecure ws: connections.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com