diff --git a/htdocs/public/test/test_csrf.php b/htdocs/public/test/test_csrf.php
index 8c242cade64..1c23dc7070a 100644
--- a/htdocs/public/test/test_csrf.php
+++ b/htdocs/public/test/test_csrf.php
@@ -3,14 +3,16 @@
?>
-This is a form to test a CSRF.
+This is a form to test if a CSRF exists into a Dolibarr page.
-Open this form into a Virtual server A.
-Change url to send request to into file to send request to virtual server B.
+- Change url to send request to into this file (server B, hard coded page)
+- Open this form into a virtual server A.
+- Send the request to the virtual server B by clicking submit.
+- Check that Anticsrf protection is triggered.
';
?>
diff --git a/htdocs/public/test/test_sessionlock.php b/htdocs/public/test/test_sessionlock.php
index 32c75649f81..12b8a455bf6 100644
--- a/htdocs/public/test/test_sessionlock.php
+++ b/htdocs/public/test/test_sessionlock.php
@@ -17,13 +17,14 @@ if (!defined("NOLOGIN")) define("NOLOGIN", '1'); // If this page is publi
// TODO We can close session with session_write_close() as soon as we just need read access everywhere in code.
if (!defined("NOSESSION")) define("NOSESSION", '1');
-
-print PHP_SESSION_DISABLED;
-print PHP_SESSION_NONE;
-print PHP_SESSION_ACTIVE;
+print "Legend:
\n";
+print 'PHP_SESSION_DISABLED='.PHP_SESSION_DISABLED."
\n";
+print 'PHP_SESSION_NONE='.PHP_SESSION_NONE."
\n";
+print 'PHP_SESSION_ACTIVE='.PHP_SESSION_ACTIVE."
\n";
print '
';
-print session_status();
+print 'session_status='.session_status().' (before main.inc.php)';
+print '
';
require '../../main.inc.php';
@@ -33,11 +34,11 @@ if ($dolibarr_main_prod) {
}
*/
-print session_status();
+print 'session_status='.session_status().' (after main.inc.php)';
print '
';
//print 'a'.$_SESSION['disablemodules'].'b';
-print 'This page is visible. It means you are not locked by another page called in same session.';
+print "\n
This page is visible. It means you are not locked by another page called in same session.";
//session_write_close();