From 73c30e3b45f9260bd2b94f6b37bcec8d0fe7d856 Mon Sep 17 00:00:00 2001 From: jvoisin Date: Fri, 24 Nov 2017 17:17:37 +0100 Subject: Add a small bla about user-agent and encryption This should close #70 --- doc/source/config.rst | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/doc/source/config.rst b/doc/source/config.rst index c271403..99ef8e6 100644 --- a/doc/source/config.rst +++ b/doc/source/config.rst @@ -160,6 +160,20 @@ It can either be ``enabled`` or ``disabled`` and can be used in ``simulation`` m sp.cookie.name("my_cookie_name").encrypt(); sp.cookie.name("another_cookie_name").encrypt(); + +Removing the user-agent part +"""""""""""""""""""""""""""" + +Some web browser extensions, such as [uMatrix](https://github.com/gorhill/uMatrix/wiki) +might be configured to change the user-agent on a regular basis. If you think that +some of your users might be using configurations like this, you might want to disable +the mixing of the user-agent in the cookie's encryption key. The simplest way to do +so is to set the environment variable ``HTTP_USER_AGENT`` to a fixed value before passing +it to your php process. + +We think that this use case is too exotic to be worth implementing as a +proper configuration directive. + Choosing the proper environment variable """""""""""""""""""""""""""""""""""""""" -- cgit v1.3
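Review bot: The uMatrix link in the added "Removing the user-agent part" paragraph uses Markdown syntax, `[uMatrix](https://github.com/gorhill/uMatrix/wiki)`, which reStructuredText will render literally in config.rst. Use the RST form `` `uMatrix <https://github.com/gorhill/uMatrix/wiki>`_ `` and add the missing comma after it. The paragraph also needs to state the trade-off it implies. Setting ``HTTP_USER_AGENT`` to a fixed value before it reaches the PHP process affects every request that process handles, so the cookie encryption key stops depending on the client's user-agent for all users, not only those whose user-agent changes. A sentence saying that, and that an encrypted cookie is then no longer tied to the browser it was issued to, would let administrators decide knowingly. Since no directive is being added, a short pointer to where the variable is typically overridden (web server or FPM pool configuration) would make "before passing it to your php process" actionable. Also capitalize "PHP".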