README.md in jwt_keeper-2.0.0 vs README.md in jwt_keeper-3.0.0
- old
+ new
@@ -6,13 +6,13 @@
[![Inline docs](http://inch-ci.org/github/sirwolfgang/jwt_keeper.svg?style=shields)](http://inch-ci.org/github/sirwolfgang/jwt_keeper)
An managing interface layer for handling the creation and validation of JWTs.
## Setup
- - Add `gem 'jwt_keeper', '~> 2.0'` to Gemfile
+ - Add `gem 'jwt_keeper', '~> 3.0'` to Gemfile
- Run `rails generate keeper:install`
- - Configure `config/initializers/keeper.rb`
+ - Configure `config/initializers/jwt_keeper.rb`
- Done
## Basic Usage
Here are the basic methods you can call to perform various operations
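Review bot: the initializer is renamed from `config/initializers/keeper.rb` to `config/initializers/jwt_keeper.rb`, but the unchanged context line still says `rails generate keeper:install`; confirm whether the generator name also changed in 3.0 and, either way, add a short upgrade note for existing 2.x users that the old initializer path is no longer read, since a silently ignored config file would leave the app running with defaults. Unrelated to this change, the context line "An managing interface layer" should read "A managing interface layer".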
@@ -27,12 +27,11 @@
raw_token_string = token.to_jwt
```
## Rails Usage
The designed rails token flow is to receive and respond to requests with the token being present in the `Authorization` part of the header. This is to allow us to seamlessly rotate the tokens on the fly without having to rebuff the request as part of the user flow. Automatic rotation happens as part of the `require_authentication` action, meaning that you will always get the latest token data as
-created by `generate_claims` in your controllers. This new token is added to the response with
-the `respond_with_authentication` action.
+created by `generate_claims` in your controllers. This new token is added to the response with the `respond_with_authentication` action.
```ruby
class ApplicationController < ActionController::Base
before_action :require_authentication
after_action :respond_with_authentication
@@ -79,5 +78,8 @@
### Hard Invalidation
Hard Invalidation is a permanent revocation of the token. The primary cases of this is when a user wishes to logout, or when your security has been otherwise compromised. To revoke all tokens simply update the configuration `secret`. To revoke a single token you can utilize either the class(`Token.revoke(jti)`) or instance(`token.revoke`) method.
### Soft Invalidation
Soft Invalidation is the process of triggering a rotation upon the next time a token is seen in a request. On the global scale this is done when there is a version mismatch in the config. Utilizing the rails controller flow, this method works even if you have two different versions of your app deployed and requests bounce back and forth; Making rolling deployments and rollbacks completely seamless. To rotate a single token, like in the case of a change of user permissions, simply use the class(`Token.rotate`) method to flag the token for regeneration.
+
+## Cookie Locking
+Cookie locking is the practice of securing the JWT by pairing it with a secure/httponly cookie. When a JWT is created, part of the secret used to sign it is a one time generated key that is stored in a matching cookie. The cookie and JWT thus must be sent together to be considered valid. The effective result makes it extremely hard to hijack a session by stealing the JWT. This reduces the surface area of XSS considerably.
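Review bot: the new Cookie Locking section explains the mechanism but not how to enable it or what a request with a missing or mismatched cookie does; document the configuration switch, the cookie name, and that such requests are rejected (which also matters for non-browser clients that cannot hold the cookie). The closing claim "reduces the surface area of XSS considerably" should be narrowed to what the lines above actually support: pairing the JWT with a secure/httponly cookie stops a stolen JWT from being replayed on its own, but script running on the origin can still issue authenticated requests because the browser attaches the cookie automatically, so this mitigates token exfiltration rather than XSS itself. Consider also recommending a `SameSite` attribute on the cookie alongside secure/httponly, and stating how the one-time key in the cookie interacts with rotation (whether a rotated token gets a fresh cookie) and with hard invalidation.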