From 8899b9285c5373b1f89b65a15ee95203a4362646 Mon Sep 17 00:00:00 2001
From: Fred Jiles <fredjiles@gmail.com>
Date: Fri, 12 Apr 2013 12:20:11 -0400
Subject: [PATCH] Previous session options to security configuration Add
 documentation for option to set require_previous_session in form login.

---
 reference/configuration/security.rst | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/reference/configuration/security.rst b/reference/configuration/security.rst
index 9d208d605e2..1b6039dfe7d 100644
--- a/reference/configuration/security.rst
+++ b/reference/configuration/security.rst
@@ -147,6 +147,10 @@ Each part will be explained in the next section.
                         # by default, the login form *must* be a POST, not a GET
                         post_only:      true
                         remember_me:    false
+
+                        #by default, a session must exist before submitting an authentication request
+                        require_previous_session: true
+
                     remember_me:
                         token_provider: name
                         key: someS3cretKey