From 998e3261f67900ff2729c291b8814f104fb3560d Mon Sep 17 00:00:00 2001 From: jvoisin Date: Mon, 15 Jan 2018 10:27:41 +0100 Subject: Add a note about session cookies handling. --- doc/source/_static/custom.css | 6 +++++- doc/source/config.rst | 15 ++++++++++----- 2 files changed, 15 insertions(+), 6 deletions(-) (limited to 'doc/source') diff --git a/doc/source/_static/custom.css b/doc/source/_static/custom.css index 1c47d04..ee9a7dc 100644 --- a/doc/source/_static/custom.css +++ b/doc/source/_static/custom.css @@ -1,4 +1,8 @@ blockquote { border-left: 2px solid #999; padding-left: 20px; -} \ No newline at end of file +} + +div.body h5 { + font-size: 115%; +} diff --git a/doc/source/config.rst b/doc/source/config.rst index e0df244..794d8b0 100644 --- a/doc/source/config.rst +++ b/doc/source/config.rst @@ -105,9 +105,14 @@ It can either be ``enabled`` or ``disabled`` and can be used in ``simulation`` m sp.unserialize_hmac.enable(); sp.unserialize_hmac.disable(); +Cookies-related mitigations +^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +.. warning:: + Those features are **not** available for session cookies `yet `_. auto_cookie_secure -^^^^^^^^^^^^^^^^^^ +"""""""""""""""""" :ref:`auto_cookie_secure `, disabled by default, will automatically mark cookies as `secure @@ -122,7 +127,7 @@ It can either be ``enabled`` or ``disabled``. sp.auto_cookie_secure.disable(); cookie_samesite -^^^^^^^^^^^^^^^^ +""""""""""""""" :ref:`samesite `, disabled by default, will add the `samesite `_ attribute to @@ -145,7 +150,7 @@ It can either be set to ``strict`` or ``lax``: .. _cookie-encryption_config: cookie_encryption -^^^^^^^^^^^^^^^^^ +""""""""""""""""" .. warning:: @@ -166,7 +171,7 @@ It can either be ``enabled`` or ``disabled`` and can be used in ``simulation`` m Removing the user-agent part -"""""""""""""""""""""""""""" +............................ Some web browser extensions, such as `uMatrix `__ might be configured to change the user-agent on a regular basis. If you think that 
@@ -181,7 +186,7 @@ proper configuration directive. .. _env-var-config: Choosing the proper environment variable -"""""""""""""""""""""""""""""""""""""""" +........................................ It's up to you to choose a meaningful environment variable to derive the key from. Suhosin `is using `_ -- cgit v1.3
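Review bot: in the config.rst hunk at `@@ -105,9 +105,14 @@`, the body of the new `.. warning::` is followed directly by the unchanged `auto_cookie_secure` heading with no blank line in between (the hunk adds exactly five lines: the title, its underline, one blank, the directive and its indented body, and the next line is the heading). Docutils reports that as "Explicit markup ends without a blank line; unexpected unindent", which fails a Sphinx build run with `-W`. Add an empty line after `Those features are **not** available for session cookies ...`. Since the three sections grouped under the new "Cookies-related mitigations" title (auto_cookie_secure, cookie_samesite, cookie_encryption) are exactly the ones a reader would assume protect the session cookie, the warning would be more useful if it also said what does cover the session cookie until these mitigations do.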
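Review bot: the new `div.body h5` rule in the custom.css hunk only makes sense together with the rst hunks that demote every cookie section by one level (`^^^` to `"""`, `"""` to `...`) so that they sit under the new "Cookies-related mitigations" title, yet the commit message "Add a note about session cookies handling" mentions neither the heading restructure nor the stylesheet; state both in the message so the CSS change is not mistaken for an unrelated tweak. Fixing the missing trailing newline (`\ No newline at end of file`) in the same hunk is fine.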
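Review bot: in the `@@ -122,7 +127,7 @@` hunk the section title is `cookie_samesite` while the context line beneath it refers to the option as `:ref:`samesite``, whereas the `auto_cookie_secure` section uses the same name in both the title and the ref text; since this hunk already rewrites that heading, align the two so the reader can grep for one name.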