explain cookies in devdoc/api.txt

diff --git a/devdoc/api.txt b/devdoc/api.txt
index 804c0c4d4baba7295f629a5d0af4d1651e0c8087..005b49cb7a6ed8f9c52b8a6264fc8c08178de573 100644 (file)
--- a/devdoc/api.txt
+++ b/devdoc/api.txt
@@ -8,12 +8,16 @@ This field is called _imgurl_; it may also have a _title_ and/or a _description_
 
 Client submits a classic html form to server. 
 
-**note**: In this documentation, php notation is used (`_POST` and `_FILES`),
-but server may be written in any language.
+**note**: In this documentation, php notation is used (`_POST`,  `_FILES` and
+ `_COOKIE`), but server may be written in any language.
 
-` _POST["password"]` and `_POST["user"] may contain user name and password. If
+`_POST["password"]` and `_POST["user"] may contain user name and password. If
  they are set, access is checked. If they is not set, cookies are checked. If
- neither are present.
+ neither are present. If access is correct, cookies are set.
+
+Alternatively, `_COOKIE["syp_user"]` and `_COOKIE["syp_auth"]` may contain user
+ name and md5 of password. If tables prefix is not *syp_*, cookies name are
+ modifier accordingly.
 
 `_POST["request"]` is either:
 
@@ -22,16 +26,18 @@ but server may be written in any language.
 
 ## changepass
  change user password
- * `$_POST ["pass_current"]` must contain current password. This is needed: cookie
+
+ * `_POST ["pass_current"]` must contain current password. This is needed: cookie
     authentification is not enough.
- * `$_POST ["pass_new"]` must contain new password
+ * `_POST ["pass_new"]` must contain new password
 
 ## newuser
  adds a new user
- * `$_POST ["newuser_name"]` must contain user name
- * `$_POST ["newuser_password"]` must contain user password
 
- Only admin can add new users.
+ * `_POST ["newuser_name"]` must contain user name
+ * `_POST ["newuser_password"]` must contain user password
+
+ **Only admin can add new users.**
 
 
 ## add