DOC: update Authentication.rst

src/doc/specification/Authentication.rst

@@ -23,12 +23,18 @@ password:
 Logout
 ------
 
+The server does not invalidate AuthTokens. They invalidate after they expire or
+when the server is being restartet. Client should just delete their AuthToken
+to 'logout'.
+
+However, in order to remove the AuthToken cookie from the browsers there is a
+convenient resource which will invalidate the cookie (not the AuthToken).
+
 Send
 
 ``GET http://host:port/logout``
 
-with a valid AuthToken cookie. No new AuthToken will be returned and no AuthToken with that session
-will be accepted anymore.
+and the server will return an empty AuthToken cookie which immediately expires.
 
 Example using ``curl``
 ----------------------
@@ -65,19 +71,3 @@ To use the cookie, pass it on with later requests:
 .. code-block:: sh
 
    curl -X GET -b cookie.txt --insecure "https://<SERVER>/Entity/123"
-
-.. _curl-logout:
-
-Logout
-~~~~~~
-
-The server does not invalidate AuthTokens. They invalidate after they expire of
-when the server is being restartet. Client should just delete their AuthToken
-to 'logout'.
-
-However, in order to remove the AuthToken cookie from the browsers there is a
-convenient resource which will invalidate the cookie (not the AuthToken).
-
-.. code-block:: sh
-
-   curl -X GET -b cookie.txt --insecure "https://<SERVER>/logout"  # Now the cookie is invalidated.