diff --git a/servant-auth-cookie.cabal b/servant-auth-cookie.cabal
--- a/servant-auth-cookie.cabal
+++ b/servant-auth-cookie.cabal
@@ -1,5 +1,5 @@
 name:                servant-auth-cookie
-version:             0.4.1
+version:             0.4.2
 synopsis:            Authentication via encrypted cookies
 description:         Authentication via encrypted client-side cookies,
                      inspired by client-session library by Michael Snoyman and based on
@@ -25,7 +25,7 @@
 flag servant9
   description:        Use servant-0.9
   manual:             False
-  default:            False
+  default:            True
 
 library
   exposed-modules:
@@ -37,11 +37,11 @@
                , bytestring
                , cereal         >= 0.5   && < 0.6
                , cookie         >= 0.4.1 && < 0.5
-               , cryptonite     >= 0.14  && <= 0.20
+               , cryptonite     >= 0.14  && <= 0.21
                , data-default
                , exceptions     >= 0.8   && < 0.9
                , http-types     >= 0.9   && < 0.10
-               , memory         >= 0.11  && < 0.14
+               , memory         >= 0.11  && <= 0.14
                , mtl            >= 2.0  && < 3.0
                , servant        >= 0.5   && < 0.10
                , servant-server >= 0.5   && < 0.10
@@ -75,7 +75,7 @@
                , blaze-markup   >= 0.7  && < 0.8
                , bytestring
                , cereal         >= 0.5  && < 0.6
-               , cryptonite     >= 0.14 && <= 0.20
+               , cryptonite     >= 0.14 && <= 0.21
                , data-default
                , http-media
                , mtl            >= 2.0  && < 3.0
@@ -115,7 +115,7 @@
                , QuickCheck     >= 2.4  && < 3.0
                , bytestring
                , cereal         >= 0.5  && < 0.6
-               , cryptonite     >= 0.14 && <= 0.20
+               , cryptonite     >= 0.14 && <= 0.21
                , data-default
                , deepseq        >= 1.3  && < 1.5
                , hspec          >= 2.0  && < 3.0
@@ -137,7 +137,7 @@
   build-depends: base           >= 4.7     && < 5.0
                , bytestring
                , criterion      >= 0.6.2.1 && < 1.2
-               , cryptonite     >= 0.14    && <= 0.20
+               , cryptonite     >= 0.14    && <= 0.21
                , servant-auth-cookie
                , servant-server >= 0.5     && < 0.10
   if flag(dev)
diff --git a/src/Servant/Server/Experimental/Auth/Cookie.hs b/src/Servant/Server/Experimental/Auth/Cookie.hs
--- a/src/Servant/Server/Experimental/Auth/Cookie.hs
+++ b/src/Servant/Server/Experimental/Auth/Cookie.hs
@@ -51,6 +51,7 @@
   , decryptSession
 
   , addSession
+  , removeSession
   , addSessionToErr
   , getSession
 
@@ -440,6 +441,27 @@
 addSession acs rs sk sessionData response = do
   header <- renderSession acs rs sk sessionData
   return (addHeader (EncryptedSession header) response)
+
+-- |  "Remove" a session by invalidating the cookie.
+-- Cookie expiry date is set at 0  and content is wiped
+removeSession  :: ( Monad m,
+                    AddHeader (e :: Symbol) ByteString s r )
+  => AuthCookieSettings -- ^ Options, see 'AuthCookieSettings'
+  -> s                 -- ^ Response to return with  session removed
+  -> m r               -- ^ Response with the session "removed"
+removeSession AuthCookieSettings{..} response = 
+  let invalidDate = BSC8.pack $ formatTime
+        defaultTimeLocale
+        acsExpirationFormat
+        timeOrigin
+      timeOrigin = UTCTime (toEnum 0) 0
+      cookies =
+        (acsSessionField, "") :
+        ("Path",    acsPath) :
+        ("Expires", invalidDate) :
+        ((,"") <$> acsCookieFlags)
+      header = (toByteString . renderCookies) cookies
+   in return (addHeader header response)
 
 -- | Add cookie session to error allowing to set cookie even if response is
 -- not 200.
diff --git a/tests/Main.hs b/tests/Main.hs
--- a/tests/Main.hs
+++ b/tests/Main.hs
@@ -192,51 +192,42 @@
 
 sessionSpec :: Spec
 sessionSpec = do
+  let treesOfInt = Proxy :: Proxy Int
+      treesOfString = Proxy :: Proxy String
+
   context "when session is encrypted and decrypted" $ do
     it "is not distorted in any way (1)" $
-      property $ \session ->
-        let f = sessionHelper def :: Tree Int -> IO (Tree Int)
-        in f session `shouldReturn` session
+      property $ \session -> encryptThenDecrypt treesOfInt def session `shouldReturn` session
     it "is not distored in any way (2)" $
-      property $ \session ->
-        let f = sessionHelper def :: Tree String -> IO (Tree String)
-        in f session `shouldReturn` session
+      property $ \session -> encryptThenDecrypt treesOfString def session `shouldReturn` session
   context "when session is encrypted and decrypted (CBC mode)" $ do
-    let sts =
-          case def of
-            AuthCookieSettings {..} -> AuthCookieSettings
-              { acsEncryptAlgorithm = cbcEncrypt
-              , acsDecryptAlgorithm = cbcDecrypt
-              , .. }
+    let sts = case def of
+                AuthCookieSettings{..} -> AuthCookieSettings
+                                          { acsEncryptAlgorithm = cbcEncrypt
+                                          , acsDecryptAlgorithm = cbcDecrypt
+                                          , .. }
     it "is not distorted in any way (1)" $
-      property $ \session ->
-        let f = sessionHelper sts :: Tree Int -> IO (Tree Int)
-        in f session `shouldReturn` session
+      property $ \session -> encryptThenDecrypt treesOfInt sts session `shouldReturn` session
     it "is not distored in any way (2)" $
-      property $ \session ->
-        let f = sessionHelper sts :: Tree String -> IO (Tree String)
-        in f session `shouldReturn` session
+      property $ \session -> encryptThenDecrypt treesOfString sts session `shouldReturn` session
   context "when session is encrypted and decrypted (CFB mode)" $ do
     let sts =
           case def of
             AuthCookieSettings {..} -> AuthCookieSettings
-              { acsEncryptAlgorithm = cfbEncrypt
-              , acsDecryptAlgorithm = cfbDecrypt
-              , .. }
+                                       { acsEncryptAlgorithm = cfbEncrypt
+                                       , acsDecryptAlgorithm = cfbDecrypt
+                                       , .. }
     it "is not distorted in any way (1)" $
-      property $ \session ->
-        let f = sessionHelper sts :: Tree Int -> IO (Tree Int)
-        in f session `shouldReturn` session
+      property $ \session -> encryptThenDecrypt treesOfInt sts session `shouldReturn` session
     it "is not distored in any way (2)" $
-      property $ \session ->
-        let f = sessionHelper sts :: Tree String -> IO (Tree String)
-        in f session `shouldReturn` session
+      property $ \session -> encryptThenDecrypt treesOfString sts session `shouldReturn` session
 
-sessionHelper :: Serialize a
-  => AuthCookieSettings
+encryptThenDecrypt :: Serialize a
+  => Proxy a
+  -> AuthCookieSettings
   -> Tree a
   -> IO (Tree a)
-sessionHelper settings x = do
+encryptThenDecrypt _ settings x = do
   rs <- mkRandomSource drgNew 1000
   sk <- mkServerKey 16 Nothing
   encryptSession settings rs sk x >>= decryptSession settings sk
