Recently, Rack was updated to v2.0.8 to address a session hijack vulnerability by way of a timing attack. This change provides support for the newest version of Rack. Shoutouts to @le0pard for being on it and getting it through the goalpost.
This also adds support for storing a user's personal session data in a signed/encrypted cookie on the client, similarly to the CookieStore that comes out of ActionPack. We've had this released for a while as `v2.1.0.pre`. To enable this feature, use the `signed: true` option in your session store setup.
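
Why a signed session cookie helps against guessed or tampered session identifiers, as an added example (not code from this project, Rack, or ActionPack): the server verifies an HMAC over the identifier in constant time before it ever queries the store. The `sid--hmac` cookie layout, `DEMO_SECRET`, the helper names, and the in-memory hash standing in for the Redis store are all assumptions made for illustration.

```ruby
require "openssl"
require "securerandom"

# Constructed demo key (assumption); a real app uses its own secret.
DEMO_SECRET = "constructed-demo-secret-do-not-reuse"

# Hypothetical helper: compare without stopping at the first differing byte,
# so response time does not reveal how much of a guess matched.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Cookie value is "<session id>--<hex HMAC-SHA256 of the session id>".
def sign_session_id(sid, secret = DEMO_SECRET)
  "#{sid}--#{OpenSSL::HMAC.hexdigest('SHA256', secret, sid)}"
end

# Returns the session id when the signature verifies, otherwise nil.
def verify_session_cookie(cookie, secret = DEMO_SECRET)
  sid, sep, mac = cookie.to_s.rpartition("--")
  return nil if sep.empty? || sid.empty?
  expected = OpenSSL::HMAC.hexdigest("SHA256", secret, sid)
  constant_time_equal?(mac, expected) ? sid : nil
end

# Toy in-memory hash standing in for the server-side session store.
STORE = {}

# The store is only consulted after the signature check passes.
def load_session(cookie)
  sid = verify_session_cookie(cookie)
  sid && STORE[sid]
end

# Constructed sample data.
DEMO_SID = SecureRandom.hex(16)
STORE[DEMO_SID] = { "user_id" => 42 }
GOOD_COOKIE   = sign_session_id(DEMO_SID)
FORGED_COOKIE = "#{DEMO_SID}--#{'0' * 64}" # right id, wrong signature

if $PROGRAM_NAME == __FILE__
  puts "signed cookie:  #{load_session(GOOD_COOKIE).inspect}"
  puts "forged cookie:  #{load_session(FORGED_COOKIE).inspect}"
  puts "unsigned id:    #{load_session(DEMO_SID).inspect}"
end
```
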