From 017f74f5d45bd43fbac8cdf0aab0d249bf38187e Mon Sep 17 00:00:00 2001
From: nicolatimeus <nicola.timeus@eurotech.com>
Date: Wed, 1 Nov 2023 17:02:49 +0100
Subject: [PATCH] docs: Added note about XSRF token lifetime (#4936)

* docs: Added note about XSRF token lifetime

* Minor fix
---
 docs/references/rest-apis/rest-session-api.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/docs/references/rest-apis/rest-session-api.md b/docs/references/rest-apis/rest-session-api.md
index 1c65433f648..8a9516027be 100644
--- a/docs/references/rest-apis/rest-session-api.md
+++ b/docs/references/rest-apis/rest-session-api.md
@@ -9,6 +9,8 @@ The supported workflows are the following:
 
 1. Try calling the [GET/xsrfToken](#getxsrftoken) to get an XSRF token, if the request succeeds a vaild session is already available, it is possible to proceed to step 4.
 
+It is not necessary to call [GET/xsrfToken](#getxsrftoken) again until the current session expires, the obtained token is valid as long as the current session is valid.
+
 2. Call the [POST/login/password](#postloginpassword) or [POST/login/certificate](#postlogincertificate) providing the credentials to create a new session.
   
   The device will return a session cookie with the response, make sure to provide it in successive requests. If the request is performed by a browser, this should be done automatically.
@@ -83,7 +85,7 @@ The supported workflows are the following:
 
 ### GET/xsrfToken
   * **REST API path** : /services/session/v1/xsrfToken
-  * **description** : Gets the XSRF token associated with the current session.
+  * **description** : Gets the XSRF token associated with the current session. It is not necessary to call this method again until the current session expires, the obtained token is valid as long as the current session is valid.
   * **responses** :
       * **200**
           * **description** : Request succeeded, the XSRF token is returned in response body.