mirror of https://github.com/actix/actix-extras.git synced 2025-08-31 03:20:20 +02:00

add signed and private cookies

Alex Whitney
2018-04-09 16:22:25 +01:00
parent eb66685d1a
commit 9b152acc32
4 changed files with 68 additions and 20 deletions


@@ -163,14 +163,17 @@ used with different backend types to store session data in different backends.
> can be added.
[**CookieSessionBackend**](../actix_web/middleware/struct.CookieSessionBackend.html)
uses signed cookies as session storage. `CookieSessionBackend` creates sessions which
uses cookies as session storage. `CookieSessionBackend` creates sessions which
are limited to storing fewer than 4000 bytes of data, as the payload must fit into a
single cookie. An internal server error is generated if a session contains more than 4000 bytes.
You need to pass a random value to the constructor of `CookieSessionBackend`.
This is a private key for cookie session. When this value is changed, all session data is lost.
A cookie may have a security policy of *signed* or *private*. Each has a respective `CookieSessionBackend` constructor.
A *signed* cookie may be viewed but not modified by the client. A *private* cookie may neither be viewed nor modified by the client.
The constructors take a key as an argument. This is the private key for cookie session - when this value is changed, all session data is lost.
> **Note**: anything you write into the session is visible by the user, but it is not modifiable.
In general, you create a
`SessionStorage` middleware and initialize it with specific backend implementation,
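Review bot: The note "anything you write into the session is visible by the user, but it is not modifiable" right after the new signed/private paragraph is only true for *signed* cookies and contradicts the sentence "A *private* cookie may neither be viewed nor modified by the client". Scope the note to the signed policy, or drop it now that the paragraph above covers both cases. Separately, the replacement sentence "The constructors take a key as an argument" no longer says the key has to be a random value, which the earlier wording "You need to pass a random value to the constructor" did; keep that requirement in the new text, and say whether both constructors expect the same key length, since a reader choosing between the two policies needs to know that.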
@@ -203,7 +206,7 @@ fn main() {
server::new(
|| App::new()
.middleware(SessionStorage::new( // <- create session middleware
CookieSessionBackend::new(&[0; 32]) // <- create cookie session backend
CookieSessionBackend::signed(&[0; 32]) // <- create signed cookie session backend
.secure(false)
)))
.bind("127.0.0.1:59880").unwrap()
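Review bot: The updated example line `CookieSessionBackend::signed(&[0; 32])` still passes an all-zero key, and it sits next to `.secure(false)`. Since this is the snippet readers will copy, add a comment that `&[0; 32]` is a placeholder and that a real deployment needs a random key kept secret, and that `.secure(false)` is only appropriate for local testing over plain HTTP. The hunk also shows only the signed constructor; a one-line mention of the private counterpart here would match the two policies the documentation text above now describes.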