# HG changeset patch
# User Denis Laxalde <denis.laxalde@logilab.fr>
# Date 1457344031 -3600
# Node ID 2bf1eabb2bbd33c511ccb28d93411044d6732086
# Parent  18348ac158db1f1f47adee6c92f786b6cc7ffb2b
Document how to configure the "secure" flag for authentication policies

Closes #11376233.

diff -r 18348ac158db -r 2bf1eabb2bbd docs/narr/settings.rst
--- a/docs/narr/settings.rst	Thu Jan 21 15:20:55 2016 +0100
+++ b/docs/narr/settings.rst	Mon Mar 07 10:47:11 2016 +0100
@@ -154,6 +154,15 @@
 
         (1 day) Reissue time in seconds.
 
+    Both policies set the ``secure`` flag to ``True`` by default, meaning that
+    cookies will only be sent back over a secure connection (see
+    `Authentication Policies documentation`_ for details). This can be
+    configured through :confval:`cubicweb.auth.authtkt.persistent.secure` and
+    :confval:`cubicweb.auth.authtkt.session.secure` configuration options.
+
+    .. _`Authentication Policies documentation`: \
+        http://docs.pylonsproject.org/projects/pyramid/en/latest/api/authentication.html
+
 .. confval:: cubicweb.auth.groups_principals (bool)
 
     (True) Setup a callback on the authentication stack that inject the user