diff --git a/actix-session/src/lib.rs b/actix-session/src/lib.rs
index 4ae8c7c12..26f5db38f 100644
--- a/actix-session/src/lib.rs
+++ b/actix-session/src/lib.rs
@@ -5,7 +5,7 @@
 //! influenced by the provided inputs (i.e. the request content) and whatever state the server
 //! queries while performing its processing.
 //!
-//! Stateless systems are easier to reason about, but they are not quite as powerful as we need to
+//! Stateless systems are easier to reason about, but they are not quite as powerful as we need them to
 //! be - e.g. how do you authenticate a user? The user would be forced to authenticate **for every
 //! single request**. That is, for example, how 'Basic' Authentication works. While it may work for
 //! a machine user (i.e. an API client), it is impractical for a person—you do not want a login
diff --git a/actix-session/src/middleware.rs b/actix-session/src/middleware.rs
index 2c2b6241a..64625b6bd 100644
--- a/actix-session/src/middleware.rs
+++ b/actix-session/src/middleware.rs
@@ -147,7 +147,7 @@ pub enum SessionLength {
 /// When does a browser session end? It depends on the browser! Chrome, for example, will often
 /// continue running in the background when the browser is closed—session cookies are not
 /// deleted and they will still be available when the browser is opened again. Check the
- /// documentation of the browser you are targeting for up-to-date information.
+ /// documentation of the browsers you are targeting for up-to-date information.
 BrowserSession {
 /// We must provide a time-to-live (TTL) when storing the session state in the storage
 /// backend—we do not want to store session states indefinitely, otherwise we will
@@ -188,15 +188,17 @@ pub enum SessionLength {
 /// the content of the session cookie.
 #[derive(Debug, Clone, Copy)]
 pub enum CookieContentSecurity {
- /// `CookieContentSecurity::Private` selects encrypted cookie content.
+ /// The cookie content is encrypted when using `CookieContentSecurity::Private`.
 ///
- /// The client cannot tamper with its contents nor decode it (i.e., preserves confidentiality as
- /// long the as the encryption key is not breached).
+ /// Encryption guarantees confidentiality and integrity: the client cannot
+ /// tamper with the cookie content nor decode it, as long as the encryption key remains
+ /// confidential.
 Private,
- /// `CookieContentSecurity::Signed` selects signed cookie content.
+ /// The cookie content is signed when using `CookieContentSecurity::Signed`.
 ///
- /// The client cannot tamper with its contents, but they can read it (i.e., no confidentiality).
+ /// Signing guarantees integrity, but it doesn't ensure confidentiality: the client
+ /// cannot tamper with the cookie content, but they can read it.
 Signed,
 }
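Review bot: The rewritten doc on the `Private` variant states that encryption guarantees integrity, which is only true when the underlying scheme is authenticated encryption; plain encryption leaves ciphertext malleable, so the claim as worded over-promises. If the backing cookie implementation is an authenticated (AEAD) construction — I cannot confirm that from this hunk — say so explicitly, e.g. `/// Authenticated encryption guarantees confidentiality and integrity: the client cannot`, so readers do not generalise the statement to any encryption. The `Signed` doc could likewise make clear that "can read it" means anyone who obtains the cookie, not only the user-agent, e.g. `/// cannot tamper with the cookie content, but anyone holding the cookie can read it.` The hunk's line counts (15/17) do not match the lines visible here, so some blank context lines appear to have been collapsed away in this rendering.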