diff options
Diffstat (limited to 'docs/narr')
| -rw-r--r-- | docs/narr/sessions.rst | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/docs/narr/sessions.rst b/docs/narr/sessions.rst index edd24d839..cce77ca5b 100644 --- a/docs/narr/sessions.rst +++ b/docs/narr/sessions.rst @@ -293,7 +293,7 @@ application to perform some command that requires elevated privileges. You can avoid most of these attacks by making sure that the correct *CSRF token* has been set in an :app:`Pyramid` session object before performing any -actions in code which requires elevated privileges and is invoked via a form +actions in code which requires elevated privileges that is invoked via a form post. To use CSRF token support, you must enable a :term:`session factory` as described in :ref:`using_the_default_session_factory` or :ref:`using_alternate_session_factories`. |