DOC: update Authentication.rst

a37dbb97 · Timm Fitschen · ff2d9ff8 · a37dbb97
Verified Commit a37dbb97 authored 1 year ago by Timm Fitschen
--- a/src/doc/specification/Authentication.rst
+++ b/src/doc/specification/Authentication.rst
@@ -23,12 +23,18 @@ password:
 Logout
 ------

+The server does not invalidate AuthTokens. They invalidate after they expire or
+when the server is being restartet. Client should just delete their AuthToken
+to 'logout'.
+
+However, in order to remove the AuthToken cookie from the browsers there is a
+convenient resource which will invalidate the cookie (not the AuthToken).
+
 Send

 ``GET http://host:port/logout``

-with a valid AuthToken cookie. No new AuthToken will be returned and no AuthToken with that session
-will be accepted anymore.
+and the server will return an empty AuthToken cookie which immediately expires.

 Example using ``curl``
 ----------------------
@@ -65,19 +71,3 @@ To use the cookie, pass it on with later requests:
 .. code-block:: sh

   curl -X GET -b cookie.txt --insecure "https://<SERVER>/Entity/123"
-
-.. _curl-logout:
-
-Logout
-~~~~~~
-
-The server does not invalidate AuthTokens. They invalidate after they expire of
-when the server is being restartet. Client should just delete their AuthToken
-to 'logout'.
-
-However, in order to remove the AuthToken cookie from the browsers there is a
-convenient resource which will invalidate the cookie (not the AuthToken).
-
-.. code-block:: sh
-
-   curl -X GET -b cookie.txt --insecure "https://<SERVER>/logout"  # Now the cookie is invalidated.