diff --git a/happstack-clientsession.cabal b/happstack-clientsession.cabal
--- a/happstack-clientsession.cabal
+++ b/happstack-clientsession.cabal
@@ -1,5 +1,5 @@
 Name          : happstack-clientsession
-Version       : 7.1.0
+Version       : 7.1.1
 License       : BSD3
 License-file  : COPYING
 Synopsis      : client-side session data
@@ -25,9 +25,9 @@
     base              == 4.*,
     bytestring        == 0.9.*,
     cereal            == 0.3.*,
-    clientsession     == 0.7.*,
+    clientsession     == 0.8.*,
     happstack-server  == 7.0.*,
     monad-control     == 0.3.*,
-    mtl               == 2.0.*,
+    mtl               >= 2.0 && < 2.2,
     safecopy          == 0.6.*,
     transformers-base == 0.4.*
diff --git a/src/Happstack/Server/ClientSession.hs b/src/Happstack/Server/ClientSession.hs
--- a/src/Happstack/Server/ClientSession.hs
+++ b/src/Happstack/Server/ClientSession.hs
@@ -1,17 +1,18 @@
 {-# LANGUAGE DeriveDataTypeable, FlexibleContexts, FlexibleInstances, FunctionalDependencies, GeneralizedNewtypeDeriving, MultiParamTypeClasses, RecordWildCards, Rank2Types, ScopedTypeVariables, TypeFamilies, UndecidableInstances #-}
+{-# OPTIONS_GHC -fno-warn-orphans #-}
 {- |
 
 This module provides a simple session implementation which stores
 session data on the client as a cookie value.
 
-The cookie values stored in an encryted cookie to make it more
+The cookie values are stored in an encrypted cookie to make it more
 difficult for users to tamper with the values. However, this does not
 prevent replay attacks, and should not be seen as a substitute for
 using HTTPS. Additionally, the cryptography libraries used to encrypt
 the cookie have never been audited. Hence you are encouraged to think
 carefully about what data you put in the session data.
 
-Another important thing to realize is clientside sessions do not
+Another important thing to realize is client-side sessions do not
 provide Isolation. Imagine if the browser makes multiple simultaneous
 requests, which each modify the session data. The browser will submit
 the same cookie for each the requests, and each request handling
@@ -34,7 +35,7 @@
 will be submitting multiple POST requests in parallel. Though there is
 no guarantee.
 
-Alternatively, you can choose to /only/ store data where it is ok if
+Alternatively, you can choose to /only/ store data where it is OK if
 modifications are lost. For example, if the session data contains only
 a userid and the time of the last request they made, then there is no
 great loss if some of the modifications are lost, because the access
@@ -133,7 +134,7 @@
 >        simpleHTTP nullConf $ withClientSessionT sessionConf $ routes
 
 In a real application you might want to use a @newtype@ wrapper around
-'ClientSessionT' to keep your type sigantures sane. An alternative
+'ClientSessionT' to keep your type signatures sane. An alternative
 version of this demo which does that can be found here:
 
 <http://patch-tag.com/r/mae/happstack/snapshot/current/content/pretty/happstack-clientsession/demo/demo.hs>
@@ -157,6 +158,7 @@
   , Key
   , getKey
   , getDefaultKey
+  , randomKey
   ) where
 
 import Control.Applicative   (Applicative, Alternative, optional)
@@ -176,14 +178,20 @@
                                                  )
 import Data.ByteString.Char8 (pack, unpack)
 import Data.Monoid           (Monoid(..))
-import Data.SafeCopy         (SafeCopy, safeGet, safePut)
+import Data.SafeCopy         (SafeCopy(getCopy, putCopy), contain, safeGet, safePut)
 import Data.Serialize        (runGet, runPut)
 import Happstack.Server      ( HasRqData, FilterMonad, WebMonad, ServerMonad, Happstack, Response
                              , CookieLife(Session), Cookie(secure,cookiePath, cookieDomain, httpOnly)
                              , lookCookieValue, addCookie, mkCookie, expireCookie
                              )
-import Web.ClientSession     (Key, getKey, getDefaultKey, decrypt, encryptIO)
+import Web.ClientSession     (Key, getKey, getDefaultKey, randomKey, decrypt, encryptIO)
 
+import qualified Data.Serialize as S
+
+instance SafeCopy Key where
+    getCopy = contain $ S.get
+    putCopy = contain . S.put
+
 ------------------------------------------------------------------------------
 -- class ClientSession
 ------------------------------------------------------------------------------
@@ -202,7 +210,7 @@
 data SessionConf = SessionConf
     { sessionCookieName :: String      -- ^ Name of the cookie to hold your session data.
     , sessionCookieLife :: CookieLife  -- ^ Lifetime of that cookie.
-    , sessionKey        :: Key         -- ^ Encryption key, usually from 'getKey' or 'getDefaultKey'.
+    , sessionKey        :: Key         -- ^ Encryption key, usually from one of 'getKey', 'getDefaultKey' and 'randomKey'.
     , sessionDomain     :: String      -- ^ cookie domain
     , sessionPath       :: String      -- ^ cookie path
     , sessionSecure     :: Bool        -- ^ Only use a session over secure transports.
