The first websocket message is the original request, which will have the users cookies / headers where your session information / bearer token should live.