From ad24b7cbdf5d834163e7ea49a33d8b71b46fd00b Mon Sep 17 00:00:00 2001
From: Javier Eguiluz <javier.eguiluz@gmail.com>
Date: Wed, 27 Jan 2016 16:25:39 +0100
Subject: [PATCH 1/2] Document the invalidate_session option

---
 reference/configuration/security.rst | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/reference/configuration/security.rst b/reference/configuration/security.rst
index e400ab003a2..28c2d0e73a5 100644
--- a/reference/configuration/security.rst
+++ b/reference/configuration/security.rst
@@ -319,6 +319,19 @@ Redirecting after Login
 
 .. _reference-security-pbkdf2:
 
+Logout Configuration
+--------------------
+
+invalidate_session
+..................
+
+**type**: ``boolean`` **default**: ``true``
+
+By default, the session of the user is invalidated after the log out process.
+This means that the user will be logged out for all the firewalls defined in
+your application. Set this option to ``false`` to only log out from the current
+firewall.
+
 Using the PBKDF2 Encoder: Security and Speed
 --------------------------------------------
 

From 1961194d42b94ad96f8e8a12456120193b1e45c6 Mon Sep 17 00:00:00 2001
From: Javier Eguiluz <javier.eguiluz@gmail.com>
Date: Fri, 29 Jan 2016 17:05:22 +0100
Subject: [PATCH 2/2] Reworded the explanation

---
 reference/configuration/security.rst | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/reference/configuration/security.rst b/reference/configuration/security.rst
index 28c2d0e73a5..53cdb436b5d 100644
--- a/reference/configuration/security.rst
+++ b/reference/configuration/security.rst
@@ -327,10 +327,13 @@ invalidate_session
 
 **type**: ``boolean`` **default**: ``true``
 
-By default, the session of the user is invalidated after the log out process.
-This means that the user will be logged out for all the firewalls defined in
-your application. Set this option to ``false`` to only log out from the current
-firewall.
+By default, when users log out from any firewall, their sessions are invalidated.
+This means that logging out from one firewall automatically logs them out from
+all the other firewalls.
+
+The ``invalidate_session`` option allows to redefine this behavior. Set this
+option to ``false`` in every firewall and the user will only be logged out from
+the current firewall and not the other ones.
 
 Using the PBKDF2 Encoder: Security and Speed
 --------------------------------------------