diff --git a/admin/settings/authentication/README.md b/admin/settings/authentication/README.md
index e9e9297e..0362e8f2 100644
--- a/admin/settings/authentication/README.md
+++ b/admin/settings/authentication/README.md
@@ -4,6 +4,10 @@ Portainer provides its own internal authentication mechanism, encrypting user pa
 
 {% hint style="info" %}
 For all authentication types you can adjust the session lifetime (the time before users are forced to reauthenticate). The default is 8 hours.
+
+Session lifetime changes apply only to new logins, existing sessions keep their original expiry. 
+
+Expired sessions redirect to login without ending the upstream OAuth session.
 {% endhint %}
 
 When using internal authentication, an administrator can set the minimum length for users' passwords. The default is 12 characters, but this can be adjusted using the slider. Any users with passwords that don't meet the requirements will be asked to update their passwords when they next log in.