add some text about ATIME and user logout / credentials revalidation

koanlogic · Jul 9, 2011 · bc4c8cb · bc4c8cb
1 parent a150d2d
commit bc4c8cb
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/doc/draft-scs.xml b/doc/draft-scs.xml
@@ -257,6 +257,10 @@ AUTHTAG          = 4*base64-character
           "session_max_age" (which is chosen by S as an application-level
           parameter), a session is considered to be no longer valid, and
           is therefore rejected.</t>
+
+          <t>Such an expiration error may be used to force user logout from 
+          an SCS cookie based session, or hooked in the web application logics
+          to the display of a form asking re-validation of user credentials.</t>
         </section>
 
         <!-- end of ATIME -->