fix: add PHP secure cookie flag and C# token revocation example (gap report)

src/content/docs/developer-tools/sdks/backend/dotnet-sdk.mdx

@@ -34,7 +34,7 @@ keywords:
   - openid connect
   - machine to machine
   - kinde client
-updated: 2024-01-15
+updated: 2026-04-13
 featured: false
 deprecated: false
 ai_summary: Guide to using the Kinde .NET SDK for integrating with the Management API, including installation, configuration, and API calls for user and organization management.
@@ -117,4 +117,30 @@ Note this requires the `create:organizations` and `update:organizations` scopes
 
 For full details of the available management API functions, see the [Kinde Management API specification](/kinde-apis/management/).
 
+## Revoke a token
+
+To revoke an access or refresh token, call the `/oauth2/revoke` endpoint with your client credentials and the token to revoke.
+
+```csharp
+using System.Net.Http.Headers;
+using System.Text;
+
+var httpClient = new HttpClient();
+var credentials = Convert.ToBase64String(
+    Encoding.UTF8.GetBytes($"{clientId}:{clientSecret}")
+);
+
+var request = new HttpRequestMessage(HttpMethod.Post, "https://your-subdomain.kinde.com/oauth2/revoke");
+request.Headers.Authorization = new AuthenticationHeaderValue("Basic", credentials);
+request.Content = new FormUrlEncodedContent(new[]
+{
+    new KeyValuePair<string, string>("token", tokenToRevoke),
+    new KeyValuePair<string, string>("token_type_hint", "access_token") // or "refresh_token"
+});
+
+var response = await httpClient.SendAsync(request);
+```
+
+A successful revocation returns `HTTP 200`. Once revoked, the token can no longer be used to authenticate requests.
+
 If you need help getting Kinde connected, contact us at [support@kinde.com](mailto:support@kinde.com).

src/content/docs/developer-tools/sdks/backend/php-sdk.mdx

@@ -4,6 +4,8 @@ title: PHP SDK
 description: "Complete guide for PHP SDK including Composer installation, OAuth integration, authentication flow, user permissions, and cookie configuration for PHP applications."
 sidebar:
   order: 14
+tableOfContents:
+  maxHeadingLevel: 3
 relatedArticles:
   - 02d02820-92da-4721-9a91-222c9b095869
 head:
@@ -33,7 +35,7 @@ keywords:
   - user permissions
   - cookie settings
   - callback URLs
-updated: 2024-01-15
+updated: 2026-04-13
 featured: false
 deprecated: false
 ai_summary: Complete guide for PHP SDK including Composer installation, OAuth integration, authentication flow, user permissions, and cookie configuration for PHP applications.
@@ -181,6 +183,19 @@ $storage->setCookiePath('/');
 $storage->setCookieDomain('yourdomain.com');
 ```
 
+### Disabling the Secure cookie flag (for local development)
+
+By default, cookies are set with the `Secure` flag, which requires HTTPS. When developing over HTTP locally, you can disable this:
+
+    ```php
+    $storage = Storage::getInstance();
+    $storage->setCookieSecure(false); // Only use this in local/dev environments
+    ```
+
+<Aside type="warning">
+Do not disable the `Secure` flag in production.
+</Aside>
+
 ## Logout
 
 The Kinde SPA client comes with a logout method.