From 35532634fadff50f8ec1d67d40afd3b0809579e3 Mon Sep 17 00:00:00 2001 From: Gertjan Oude Lohuis Date: Tue, 18 Apr 2017 13:50:28 +0200 Subject: [PATCH] Add docs on new setting OIDC_UNAUTHENTICATED_SESSION_MANAGEMENT_KEY --- docs/sections/sessionmanagement.rst | 4 ++++ docs/sections/settings.rst | 7 +++++++ 2 files changed, 11 insertions(+) diff --git a/docs/sections/sessionmanagement.rst b/docs/sections/sessionmanagement.rst index c33cd5b..3c182b7 100644 --- a/docs/sections/sessionmanagement.rst +++ b/docs/sections/sessionmanagement.rst @@ -18,6 +18,10 @@ Somewhere in your Django ``settings.py``:: OIDC_SESSION_MANAGEMENT_ENABLE = True + +If you're in a multi-server setup, you might also want to add ``OIDC_UNAUTHENTICATED_SESSION_MANAGEMENT_KEY`` to your settings and set it to some random but fixed string. While authenticated clients have a session that can be used to calculate the browser state, there is no such thing for unauthenticated clients. Hence this value. By default a value is generated randomly on startup, so this will be different on each server. To get a consistent value across all servers you should set this yourself. + + Example RP iframe ================= diff --git a/docs/sections/settings.rst b/docs/sections/settings.rst index 392615a..4b0e410 100644 --- a/docs/sections/settings.rst +++ b/docs/sections/settings.rst @@ -110,6 +110,13 @@ OPTIONAL. ``bool``. Enables OpenID Connect Session Management 1.0 in your provid Default is ``False``. +OIDC_UNAUTHENTICATED_SESSION_MANAGEMENT_KEY +=========================================== + +OPTIONAL. Supply a fixed string to use as browser-state key for unauthenticated clients. Read :ref:`sessionmanagement` section. + +Default is a string generated at startup. + OIDC_SKIP_CONSENT_ALWAYS ========================
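Review bot: in the sessionmanagement.rst hunk, the new paragraph presents the setting as something you "might also want to add" in a multi-server setup, but the paragraph's own last sentence says the default is generated randomly on startup and therefore differs on each server, which means that without a fixed value the browser state computed for unauthenticated users is not stable across servers and an RP checking session state can get a different answer depending on which server handles the request. State that plainly: in a multi-server deployment this setting is required for session management to work, not optional. The guidance "some random but fixed string" also leaves out what matters for a key: it should be long and unpredictable (generated once with a CSPRNG, not hand-typed), stored alongside ``SECRET_KEY`` outside the repository, and the same on every server. Suggest also asking whether the startup-generated default is per server or per worker process; if each process generates its own value, say so, since that affects single-host multi-worker deployments too. Minor: "Hence this value." reads awkwardly, and the hunk adds two blank ``+`` lines both before and after the paragraph where one would do.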
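Review bot: in the settings.rst hunk, the new entry omits the type marker that the neighbouring entries carry (the preceding setting reads ``OPTIONAL. ``bool``. Enables OpenID Connect Session Management 1.0 ...``), so it should read ``OPTIONAL. ``str``. ...`` for consistency. The sentence "Read :ref:`sessionmanagement` section." is ungrammatical; suggest "See the :ref:`sessionmanagement` section." and confirm that a ``.. _sessionmanagement:`` label actually exists in that file, since the hunk does not show one and an unresolved ``:ref:`` breaks the Sphinx build. "Default is a string generated at startup." should say that the default is a random string generated at process startup and therefore differs between servers, otherwise a reader of the settings page alone has no reason to set it. Since the value acts as a key in the browser-state computation, the entry should also state that it must be kept secret and unpredictable, as with ``SECRET_KEY``.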