diff --git a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
index 807f8115f4..9fde5e0da4 100644
--- a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
+++ b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
@@ -10,13 +10,13 @@ module Session
     # dramatically faster than the alternatives.
     #
     # Sessions typically contain at most a user ID and flash message; both fit
-    # within the 4096 bytes cookie size limit. A CookieOverflow exception is raised if
+    # within the 4096 bytes cookie size limit. A +CookieOverflow+ exception is raised if
     # you attempt to store more than 4096 bytes of data.
     #
     # The cookie jar used for storage is automatically configured to be the
     # best possible option given your application's configuration.
     #
-    # Your cookies will be encrypted using your application's secret_key_base. This
+    # Your cookies will be encrypted using your application's +secret_key_base+. This
     # goes a step further than signed cookies in that encrypted cookies cannot
     # be altered or read by users. This is the default starting in Rails 4.
     #
@@ -24,20 +24,20 @@ module Session
     #
     #   Rails.application.config.session_store :cookie_store, key: '_your_app_session'
     #
-    # In the development and test environments your application's secret_key_base is
+    # In the development and test environments your application's +secret_key_base+ is
     # generated by Rails and stored in a temporary file in <tt>tmp/development_secret.txt</tt>.
     # In all other environments, it is stored encrypted in the
     # <tt>config/credentials.yml.enc</tt> file.
     #
-    # If your application was not updated to Rails 5.2 defaults, the secret_key_base
+    # If your application was not updated to Rails 5.2 defaults, the +secret_key_base+
     # will be found in the old <tt>config/secrets.yml</tt> file.
     #
-    # Note that changing your secret_key_base will invalidate all existing session.
+    # Note that changing your +secret_key_base+ will invalidate all existing session.
     # Additionally, you should take care to make sure you are not relying on the
     # ability to decode signed cookies generated by your app in external
     # applications or JavaScript before changing it.
     #
-    # Because CookieStore extends Rack::Session::Abstract::Persisted, many of the
+    # Because CookieStore extends +Rack::Session::Abstract::Persisted+, many of the
     # options described there can be used to customize the session cookie that
     # is generated. For example:
     #