diff --git a/docs/conf.py b/docs/conf.py
index 5f6bd624..94cae16d 100644
--- a/docs/conf.py
+++ b/docs/conf.py
@@ -267,9 +267,10 @@ intersphinx_mapping = {
 'werkzeug': ('http://werkzeug.pocoo.org/docs/', None),
 'click': ('http://click.pocoo.org/', None),
 'jinja': ('http://jinja.pocoo.org/docs/', None),
+ 'itsdangerous': ('https://pythonhosted.org/itsdangerous', None),
 'sqlalchemy': ('https://docs.sqlalchemy.org/en/latest/', None),
 'wtforms': ('https://wtforms.readthedocs.io/en/latest/', None),
- 'blinker': ('https://pythonhosted.org/blinker/', None)
+ 'blinker': ('https://pythonhosted.org/blinker/', None),
 }
 html_theme_options = {
diff --git a/docs/security.rst b/docs/security.rst
index fe1351ad..13ea2e33 100644
--- a/docs/security.rst
+++ b/docs/security.rst
@@ -213,11 +213,11 @@ option is set, the cookie will be removed when the browser is closed. ::
 # cookie expires after 10 minutes
 response.set_cookie('snakes', '3', max_age=600)
-For the session cookie, if ``session.permanent`` is set, then
-:data:`SESSION_COOKIE_LIFETIME` is used to set the expiration. Flask's default
-cookie implementation validates that the cryptographic signature is not older
-than this value. Lowering this value may help mitigate replay attacks, where
-intercepted cookies can be sent at a later time. ::
+For the session cookie, if :attr:`session.permanent `
+is set, then :data:`PERMANENT_SESSION_LIFETIME` is used to set the expiration.
+Flask's default cookie implementation validates that the cryptographic
+signature is not older than this value. Lowering this value may help mitigate
+replay attacks, where intercepted cookies can be sent at a later time. ::
 app.config.update(
 PERMANENT_SESSION_LIFETIME=600
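Review bot: The `werkzeug`, `click` and `jinja` entries just above the new `itsdangerous` line in `intersphinx_mapping` (docs/conf.py) still use `http://`, so Sphinx fetches their `objects.inv` inventories in cleartext at build time and the cross-reference targets written into the published docs are not integrity-protected in transit. The new entry already uses `https://`; if those hosts serve TLS (not verifiable from this diff), switch them in the same change, e.g. `'werkzeug': ('https://werkzeug.pocoo.org/docs/', None),`. As a minor style point, the new URL lacks the trailing slash that every other entry has: `'https://pythonhosted.org/itsdangerous/'`.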
@@ -231,8 +231,8 @@ intercepted cookies can be sent at a later time. ::
 session.permanent = True
 ...
-Use :class:`TimedSerializer` to sign and validate other cookie values (or any
-values that need secure signatures).
+Use :class:`itsdangerous.TimedSerializer` to sign and validate other cookie
+values (or any values that need secure signatures).
 - https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies
 - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie