i've a website and using websocket and using cookie to upgrade protocol. But it's easy to write a automatic tool that do this step without using my website. So, i find out another similar website, it's not using cookie, instead it use md5 algorithm to encrypt a session key has been sent to user for verify and upgrade to websocket. But i don' know how they do?
Your mission is find out how they did.