Extends the IP documentation (#1258)Co-authored-by: Zachary Sailer <z…

…achsailer@gmail.com> * Extends the IP documentation * Update docs/source/operators/security.rst --------- Co-authored-by: Zachary Sailer <zachsailer@gmail.com>
jupyter-server · Apr 25, 2023 · 3ba9ac9 · 3ba9ac9
1 parent 934fb5b
commit 3ba9ac9
Showing 1 changed file with 15 additions and 2 deletions.
diff --git a/docs/source/operators/security.rst b/docs/source/operators/security.rst
@@ -147,8 +147,7 @@ Other required fields will be filled with `None`.
 Identity Model
 ^^^^^^^^^^^^^^
 
-The identity model is the model accessed at `/api/me`,
-and describes the currently authenticated user.
+The identity model is the model accessed at `/api/me`, and describes the currently authenticated user.
 
 It has the following fields:
 
@@ -179,6 +178,20 @@ color
   such as for collaboration cursors.
   May be `null` if unavailable.
 
+
+The default implementation of the identity provider is stateless, meaning it doesn't store user information
+on the server side. Instead, it utilizes session cookies to generate and store random user information on the
+client side.
+
+When a user logs in or authenticates, the server generates a session cookie that is stored on the client side.
+This session cookie is used to keep track of the identity model between requests. If the client does not
+support session cookies or fails to send the cookie in subsequent requests, the server will treat each request
+as coming from a new anonymous user and generate a new set of random user information for each request.
+
+To ensure proper functionality of the identity model and to maintain user context between requests, it's
+important for clients to support session cookies and send it in subsequent requests. Failure to do so may
+result in the server generating a new anonymous user for each request, leading to loss of user context.
+
 Authorization
 *************