From c9934280918171c58f7be1e0aa789ea045020e5f Mon Sep 17 00:00:00 2001
From: Rick Anderson <riande@microsoft.com>
Date: Thu, 13 Sep 2018 19:27:11 -0700
Subject: [PATCH] Update secure-data.md (#8525)

Fixes #8502
---
 aspnetcore/security/authorization/secure-data.md | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/aspnetcore/security/authorization/secure-data.md b/aspnetcore/security/authorization/secure-data.md
index 3061362d0a..75f9b07041 100644
--- a/aspnetcore/security/authorization/secure-data.md
+++ b/aspnetcore/security/authorization/secure-data.md
@@ -264,9 +264,12 @@ Update the details page model:
 
 [!code-csharp[](secure-data/samples/final2.1/Pages/Contacts/Details.cshtml.cs?name=snippet)]
 
-## Add a user to a role
+## Add or remove a user to a role
 
-Roles are stored in the Identity cookie. Changes made to user roles are not persisted to the cookie until the cookie is regenerated or the user signs out and signs in. Applications that add users to a role should call `SignInManager.RefreshSignInAsync(user)` to update the cookie.
+See [this issue](https://github.com/aspnet/Docs/issues/8502) for information on:
+
+* Removing privileges from a user. For example muting a user in a chat app.
+* Adding privileges to a user.
 
 ## Test the completed app