jetty · gregw · Oct 18, 2023 · Oct 18, 2023 · Oct 18, 2023 · sbordet
diff --git a/...mentation/jetty-documentation/src/main/asciidoc/old_docs/extras/dos-filter.adoc b/...mentation/jetty-documentation/src/main/asciidoc/old_docs/extras/dos-filter.adoc
@@ -32,9 +32,7 @@ The filter works on the assumption that the attacker might be written in simple
 [[dos-filter-using]]
 ==== Using the DoS Filter
 
-Jetty places throttled requests in a priority queue, giving priority first to authenticated users and users with an HttpSession, then to connections identified by their IP addresses.
-Connections with no way to identify them have lowest priority.
-To uniquely identify authenticated users, you should implement the The extractUserId(ServletRequest request) function.
+Jetty places throttled requests in a queue, and proceed only when there is capacity available.
 
 ===== Required JARs
 
@@ -94,11 +92,8 @@ Default is 30000L.
 insertHeaders::
 If true, insert the DoSFilter headers into the response.
 Defaults to true.
-trackSessions::
-If true, usage rate is tracked by session if a session exists.
-Defaults to true.
 remotePort::
-If true and session tracking is not used, then rate is tracked by IP and port (effectively connection).
+If true, then rate is tracked by IP and port (effectively connection).
 Defaults to false.
 ipWhitelist::
 A comma-separated list of IP addresses that will not be rate limited.