From 81f38d6605e31fc36fff7a17eb803d3d700752e3 Mon Sep 17 00:00:00 2001
From: Rene Schallner <rene@renerocks.ai>
Date: Tue, 16 May 2023 16:11:39 +0200
Subject: [PATCH] lil doc update

---
 doc/authentication.md | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/doc/authentication.md b/doc/authentication.md
index ac992ae..a9a2963 100644
--- a/doc/authentication.md
+++ b/doc/authentication.md
@@ -1,6 +1,11 @@
 # Authentication
 
-Zap supports both Basic and Bearer authentication. 
+Zap supports both Basic and Bearer authentication which are based on HTTP
+headers.
+
+For a cookie-based ("session token", not to mistake for "session cookie")
+authentication, see the [UserPassSessionAuth](../src/http_auth.zig#L312) and its
+[example](../examples/userpass_session_auth/).
 
 For convenience, Authenticator types exist that can authenticate requests.