Merge pull request #2498 from fredjiles/auth-previous-session

weaverryan · weaverryan · commit ae82f73761ec · 2013-05-03T11:21:15.000-07:00
Add require_previous_session option to security configuration
diff --git a/reference/configuration/security.rst b/reference/configuration/security.rst
@@ -147,6 +147,10 @@ Each part will be explained in the next section.
                         # by default, the login form *must* be a POST, not a GET
                         post_only:      true
                         remember_me:    false
+
+                        # by default, a session must exist before submitting an authentication request
+                        require_previous_session: true
+
                     remember_me:
                         token_provider: name
                         key: someS3cretKey
