README.md in macaw_framework-1.2.5 vs README.md in macaw_framework-1.2.6
- old
+ new
@@ -111,10 +111,19 @@
*Observation: To activate caching, you also have to set its properties in the `application.json` file. If you don't, the caching strategy will not work. See the Configuration section below for more details.*
### Session management: Handle user sessions with server-side in-memory storage
+Session will only be enabled if it's configurations exists in the `application.json` file.
+The session mechanism works by recovering the Session ID from a client sent header. The default
+header is `X-Session-ID`, but it can be changed in the `application.json` file.
+
+This header will be sent back to the user on every response if Session is enabled. Also, the
+session ID will be automatically generated and sent to a client if this client does not provide
+a session id in the HTTP request. In the case of the client sending an ID of an expired session
+the framework will return a new session with a new ID.
+
```ruby
m.get('/login') do |context|
# Authenticate user
context[:client][:user_id] = user_id
end
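Review bot: the first added sentence has grammar errors ("if it's configurations exists" should read "if its configuration exists", and "a client sent header" should be "a client-sent header"). More importantly, the paragraph says the session ID is recovered from a client-supplied header and generated automatically when absent or expired, but it does not say how the ID is generated or how long it is; since whoever presents that header value owns the session, suggest stating the generation method, noting that the header should only travel over TLS, and pointing readers at the `session` keys documented in the Configuration section.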
@@ -127,12 +136,10 @@
# Redirect to login
end
end
```
-**Caution: This feature is vulnerable to IP spoofing and may disrupt sessions on devices sharing the same network (e.g., Wi-Fi).**
-
### Configuration: Customize various aspects of the framework through the application.json configuration file, such as rate limiting, SSL support, and Prometheus integration
```json
{
"macaw": {
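Review bot: the removed caution about IP spoofing is not replaced by any note for the new header-based mechanism. If sessions are now keyed on the `X-Session-ID` header rather than the client address, the README should say so explicitly at this point and carry an equivalent caution that the header value is effectively a bearer credential (it must not be logged, cached or sent over plaintext HTTP); as written, the deletion reads as if the concern simply went away.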
@@ -153,9 +160,13 @@
"min": "SSL3",
"max": "TLS1.3",
"key_type": "EC",
"cert_file_name": "path/to/cert/file/file.crt",
"key_file_name": "path/to/cert/key/file.key"
+ },
+ "session": {
+ "secure_header": "X-Session-ID",
+ "invalidation_time": 3600
}
}
}
```
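Review bot: the new `session` block does not state the unit of `invalidation_time` (3600 suggests seconds, but the README should say so) or whether expiry is measured from last activity or from session creation, and the `secure_header` key is never named in the Session management prose that says the header "can be changed in the `application.json` file"; suggest documenting both keys next to that prose. Unchanged here, but the surrounding example still sets `"min": "SSL3"` as the TLS floor, which is worth a separate fix now that a session ID is carried in a header over that transport.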