AWS elasticloadbalancing documentation change
Summary
Minor grammatical improvements to logout procedure documentation (article change and pluralization)
Security assessment
Changes are linguistic clarifications without security context or feature additions
Diff
diff --git a/elasticloadbalancing/latest/application/listener-authenticate-users.md index 5ae5e4831..d8443ba69 100644 --- a/elasticloadbalancing/latest/application/listener-authenticate-users.md +++ b/elasticloadbalancing/latest/application/listener-authenticate-users.md @@ -438 +438 @@ For example, if a user loads the login page through the Application Load Balance -When an application needs to log out an authenticated user, it should set the expiration time of the authentication session cookie to -1 and redirect the client to the IdP logout endpoint (if the IdP supports one). To prevent users from reusing a deleted cookie, we recommend that you configure as short an expiration time for the access token as is reasonable. If a client provides a load balancer with a session cookie that has an expired access token with a non-NULL refresh token, the load balancer contacts the IdP to determine whether the user is still logged in. +When an application needs to log out an authenticated user, it should set the expiration time of the authentication session cookie to -1 and redirect the client to the IdP logout endpoint (if the IdP supports one). To prevent users from reusing a deleted cookie, we recommend that you configure as short an expiration time for the access token as is reasonable. If a client provides the load balancer with a session cookie that has an expired access token with a non-NULL refresh token, the load balancer contacts the IdP to determine whether the user is still logged in. @@ -440 +440 @@ When an application needs to log out an authenticated user, it should set the ex -The client logout landing page is an unauthenticated page. This means that it cannot be behind an Application Load Balancer rule that requires authentication. +Client logout landing pages are unauthenticated. This means that they cannot be behind an Application Load Balancer rule that requires authentication.