From 0ad05afc020d2790048d4ca85d936b4ea79eae13 Mon Sep 17 00:00:00 2001
From: Chris McDonough <chrism@plope.com>
Date: Thu, 9 Aug 2018 18:04:42 -0400
Subject: address review comments by rayedo

---
 CHANGES.rst               |  3 ++-
 pyramid/authentication.py | 20 ++++++++++++++------
 2 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index 93f25bd69..cd4647e82 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -39,7 +39,8 @@ Features
 
 - Modify ``pyramid.authentication.AuthTktAuthenticationPolicy`` and
   ``pyramid.csrf.CookieCSRFStoragePolicy`` to support the SameSite option on
-  cookies.  See https://github.com/Pylons/pyramid/pull/3319
+  cookies and set the default to ``'Lax'``.
+  See https://github.com/Pylons/pyramid/pull/3319
 
 - Added new ``pyramid.httpexceptions.HTTPPermanentRedirect``
   exception/response object for a HTTP 308 redirect.
diff --git a/pyramid/authentication.py b/pyramid/authentication.py
index f8fdbbf5c..412440a02 100644
--- a/pyramid/authentication.py
+++ b/pyramid/authentication.py
@@ -531,8 +531,6 @@ class AuthTktAuthenticationPolicy(CallbackAuthenticationPolicy):
        option.
        Optional.
 
-       This option is available as of :app:`Pyramid` 1.5.
-
     ``domain``
 
        Default: ``None``. If provided the auth_tkt cookie will only be
@@ -540,8 +538,6 @@ class AuthTktAuthenticationPolicy(CallbackAuthenticationPolicy):
        and ``parent_domain``.
        Optional.
 
-       This option is available as of :app:`Pyramid` 1.5.
-
     ``hashalg``
 
        Default: ``sha512`` (the literal string).
@@ -554,8 +550,6 @@ class AuthTktAuthenticationPolicy(CallbackAuthenticationPolicy):
        ``hashalg`` will imply that all existing users with a valid cookie will
        be required to re-login.
 
-       This option is available as of :app:`Pyramid` 1.4.
-
        Optional.
 
     ``debug``
@@ -572,6 +566,20 @@ class AuthTktAuthenticationPolicy(CallbackAuthenticationPolicy):
 
         This option is available as of :app:`Pyramid` 1.10.
 
+    .. versionchanged:: 1.4
+
+       Added the ``hashalg`` option, defaulting to ``sha512``.
+
+    .. versionchanged:: 1.5
+
+       Added the ``domain`` option.
+
+       Added the ``parent_domain`` option.
+
+    .. versionchanged:: 1.10
+
+       Added the ``samesite`` option and made the default ``'Lax'``.
+    
     Objects of this class implement the interface described by
     :class:`pyramid.interfaces.IAuthenticationPolicy`.
 
-- 
cgit v1.2.3