diff --git a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
index 807f8115f4..9fde5e0da4 100644
--- a/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
+++ b/actionpack/lib/action_dispatch/middleware/session/cookie_store.rb
@@ -10,13 +10,13 @@ module Session
# dramatically faster than the alternatives.
#
# Sessions typically contain at most a user ID and flash message; both fit
- # within the 4096 bytes cookie size limit. A CookieOverflow exception is raised if
+ # within the 4096 bytes cookie size limit. A +CookieOverflow+ exception is raised if
# you attempt to store more than 4096 bytes of data.
#
# The cookie jar used for storage is automatically configured to be the
# best possible option given your application's configuration.
#
- # Your cookies will be encrypted using your application's secret_key_base. This
+ # Your cookies will be encrypted using your application's +secret_key_base+. This
# goes a step further than signed cookies in that encrypted cookies cannot
# be altered or read by users. This is the default starting in Rails 4.
#
@@ -24,20 +24,20 @@ module Session
#
# Rails.application.config.session_store :cookie_store, key: '_your_app_session'
#
- # In the development and test environments your application's secret_key_base is
+ # In the development and test environments your application's +secret_key_base+ is
# generated by Rails and stored in a temporary file in tmp/development_secret.txt.
# In all other environments, it is stored encrypted in the
# config/credentials.yml.enc file.
#
- # If your application was not updated to Rails 5.2 defaults, the secret_key_base
+ # If your application was not updated to Rails 5.2 defaults, the +secret_key_base+
# will be found in the old config/secrets.yml file.
#
- # Note that changing your secret_key_base will invalidate all existing session.
+ # Note that changing your +secret_key_base+ will invalidate all existing session.
# Additionally, you should take care to make sure you are not relying on the
# ability to decode signed cookies generated by your app in external
# applications or JavaScript before changing it.
#
- # Because CookieStore extends Rack::Session::Abstract::Persisted, many of the
+ # Because CookieStore extends +Rack::Session::Abstract::Persisted+, many of the
# options described there can be used to customize the session cookie that
# is generated. For example:
#