From f9ca34427fe79b5e0746d16eefac45f09644012f Mon Sep 17 00:00:00 2001
From: Roland Guijt <roland.guijt@gmail.com>
Date: Fri, 27 Sep 2024 11:04:48 +0200
Subject: [PATCH 1/4] Add authorization warning for quickstart UI session
 management page

---
 .../content/ui/server_side_sessions/session_management.md     | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/IdentityServer/v7/docs/content/ui/server_side_sessions/session_management.md b/IdentityServer/v7/docs/content/ui/server_side_sessions/session_management.md
index fe2b3c4d..eaf00e0e 100644
--- a/IdentityServer/v7/docs/content/ui/server_side_sessions/session_management.md
+++ b/IdentityServer/v7/docs/content/ui/server_side_sessions/session_management.md
@@ -19,6 +19,10 @@ The [session management service]({{<ref "/reference/services/session_management_
 
 The Quickstart UI contains a simple administrative page (under the "ServerSideSessions" folder) that uses the *ISessionManagementService* API.
 
+{{% notice note %}}
+The UI template doesn't include pre-configured authorization in the form of an authorization policy e.g. We strongly recommend to add authorization suitable to your organization for non-test environments.
+{{% /notice %}}
+
 It looks something like this (but of course you are free to customize or change it as needed):
 
 ![](../images/session_query.png)

From 2da144d28e1bbc24c711ade2e9c0ddf271a74522 Mon Sep 17 00:00:00 2001
From: Roland Guijt <roland.guijt@gmail.com>
Date: Tue, 1 Oct 2024 19:52:44 +0200
Subject: [PATCH 2/4] Change wording

---
 .../docs/content/ui/server_side_sessions/session_management.md  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/IdentityServer/v7/docs/content/ui/server_side_sessions/session_management.md b/IdentityServer/v7/docs/content/ui/server_side_sessions/session_management.md
index eaf00e0e..31ae64b6 100644
--- a/IdentityServer/v7/docs/content/ui/server_side_sessions/session_management.md
+++ b/IdentityServer/v7/docs/content/ui/server_side_sessions/session_management.md
@@ -20,7 +20,7 @@ The [session management service]({{<ref "/reference/services/session_management_
 The Quickstart UI contains a simple administrative page (under the "ServerSideSessions" folder) that uses the *ISessionManagementService* API.
 
 {{% notice note %}}
-The UI template doesn't include pre-configured authorization in the form of an authorization policy e.g. We strongly recommend to add authorization suitable to your organization for non-test environments.
+In the template the administrative page is protected by checking if the caller uses a local IP address. We strongly recommend to add authorization suitable to your organization for non-test environments by adding an authorization policy and enforce that using the *Authorize* attribute for example.
 {{% /notice %}}
 
 It looks something like this (but of course you are free to customize or change it as needed):

From 81dab5d1db3235c62c207ed125ca0e991422347e Mon Sep 17 00:00:00 2001
From: RolandGuijt <github@4sh.nl>
Date: Wed, 2 Oct 2024 12:54:31 +0200
Subject: [PATCH 3/4] Update
 IdentityServer/v7/docs/content/ui/server_side_sessions/session_management.md

Co-authored-by: Joe DeCock <josephdecock@gmail.com>
---
 .../docs/content/ui/server_side_sessions/session_management.md  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/IdentityServer/v7/docs/content/ui/server_side_sessions/session_management.md b/IdentityServer/v7/docs/content/ui/server_side_sessions/session_management.md
index 31ae64b6..54c3261b 100644
--- a/IdentityServer/v7/docs/content/ui/server_side_sessions/session_management.md
+++ b/IdentityServer/v7/docs/content/ui/server_side_sessions/session_management.md
@@ -23,7 +23,7 @@ The Quickstart UI contains a simple administrative page (under the "ServerSideSe
 In the template the administrative page is protected by checking if the caller uses a local IP address. We strongly recommend to add authorization suitable to your organization for non-test environments by adding an authorization policy and enforce that using the *Authorize* attribute for example.
 {{% /notice %}}
 
-It looks something like this (but of course you are free to customize or change it as needed):
+The session management page looks like this by default, but of course you are free to customize or change it as needed:
 
 ![](../images/session_query.png)
 

From 80a91fb57753b7c2e7078d26ee156e6661d724a9 Mon Sep 17 00:00:00 2001
From: RolandGuijt <github@4sh.nl>
Date: Wed, 2 Oct 2024 12:57:02 +0200
Subject: [PATCH 4/4] Update
 IdentityServer/v7/docs/content/ui/server_side_sessions/session_management.md

Co-authored-by: Joe DeCock <josephdecock@gmail.com>
---
 .../docs/content/ui/server_side_sessions/session_management.md  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/IdentityServer/v7/docs/content/ui/server_side_sessions/session_management.md b/IdentityServer/v7/docs/content/ui/server_side_sessions/session_management.md
index 54c3261b..42ba9af6 100644
--- a/IdentityServer/v7/docs/content/ui/server_side_sessions/session_management.md
+++ b/IdentityServer/v7/docs/content/ui/server_side_sessions/session_management.md
@@ -20,7 +20,7 @@ The [session management service]({{<ref "/reference/services/session_management_
 The Quickstart UI contains a simple administrative page (under the "ServerSideSessions" folder) that uses the *ISessionManagementService* API.
 
 {{% notice note %}}
-In the template the administrative page is protected by checking if the caller uses a local IP address. We strongly recommend to add authorization suitable to your organization for non-test environments by adding an authorization policy and enforce that using the *Authorize* attribute for example.
+The Quickstart session administrative page requires a logged in user to manage sessions. We strongly recommend that you add additional authorization suitable to your organization by adding an authorization policy.
 {{% /notice %}}
 
 The session management page looks like this by default, but of course you are free to customize or change it as needed: