且构网


WebSocket authentication security

Updated: 2022-05-05 15:44:28

Yes, one option is to use cookies (and TLS to avoid cookie hijacking):

Have the cookie set after "plain old HTML form based" login, transmit the cookie to WebSocket server, and use the cookie to authenticate the WebSocket.

Here is a complete example of doing Mozilla Persona based authentication with WebSocket.

You asked about Ratchet, I know. This example is not Ratchet, but it might give you some clues - which is why I think it's ok to point to.
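The cookie flow described in the answer, as an added example that is not part of the original answer and is not Ratchet or Persona code: the server signs a session cookie after the form login and checks it, together with the `Origin` header, when the WebSocket opening handshake arrives. The key, cookie name, allowed origin and both function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import time
from http.cookies import CookieError, SimpleCookie

# Constructed values for this example, not taken from the answer.
SECRET = b"constructed-demo-signing-key"
ALLOWED_ORIGINS = {"https://app.example.test"}
COOKIE_NAME = "session"


def issue_cookie(user, ttl=3600, now=None):
    """After the form login succeeds, build the value 'user.expiry.mac'."""
    expiry = int((time.time() if now is None else now) + ttl)
    payload = f"{user}.{expiry}"
    mac = hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()
    # Send it as: Set-Cookie: session=<value>; Secure; HttpOnly; Path=/
    return f"{payload}.{mac}"


def authenticate_handshake(headers, now=None):
    """Return the user for a WebSocket opening handshake, or None to refuse it."""
    # Browsers attach cookies to WebSocket handshakes started by any page,
    # so a cookie-authenticated endpoint must also check Origin before it
    # trusts the cookie.
    if headers.get("Origin") not in ALLOWED_ORIGINS:
        return None
    jar = SimpleCookie()
    try:
        jar.load(headers.get("Cookie", ""))
    except CookieError:
        return None
    morsel = jar.get(COOKIE_NAME)
    if morsel is None:
        return None
    try:
        user, expiry, mac = morsel.value.rsplit(".", 2)
    except ValueError:
        return None
    expected = hmac.new(SECRET, f"{user}.{expiry}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    # The expiry field is only trusted once the MAC has been verified.
    if not expiry.isdigit() or int(expiry) < (time.time() if now is None else now):
        return None
    return user
```

The `Secure` attribute keeps the cookie off plain `ws://` and `http://` connections, which is the TLS point the answer makes.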