diff --git a/reference/configuration/security.rst b/reference/configuration/security.rst
index 9d208d605e2..dcff7d276e1 100644
--- a/reference/configuration/security.rst
+++ b/reference/configuration/security.rst
@@ -147,6 +147,10 @@ Each part will be explained in the next section.
                         # by default, the login form *must* be a POST, not a GET
                         post_only:      true
                         remember_me:    false
+
+                        # by default, a session must exist before submitting an authentication request
+                        require_previous_session: true
+
                     remember_me:
                         token_provider: name
                         key: someS3cretKey