Hopefully more informative text.

2014-12-16 13:12:12 +01:00 · 2014-12-16 13:12:12 +01:00 · 1b2b0cce62
parent 342d88e8d9
commit 1b2b0cce62
1 changed files with 3 additions and 0 deletions
--- a/doc/howto/rp.rst
+++ b/doc/howto/rp.rst
@ -250,6 +250,9 @@ and to mitigate replay attacks.

 Since you will need both these arguments later in the process you probably
 want to store them in a session object (assumed to look like a dictionary).
+Also even if you initiate one Client instance per OP you probably won't do it
+per user so you have to keep the state and nonce variables that belongs to
+an user together and separate from other users.

 Most probable the response to this request will be a redirect to some other
 URL where the authentication is performed.