diff --git a/README.md b/README.md
index 2fa9472..6537acb 100644
--- a/README.md
+++ b/README.md
@@ -84,6 +84,18 @@ Any authentication mechanism is supported as long as it uses a
 session variable.
 
 
+## Current limitations
+
+These limitations may be addressed in the future.  Right now,
+though, please bear in mind that:
+
+  * There's no support for cleaning old sessions from the storage
+    backends.
+
+  * There's no way of setting timeouts and cookie persistence on
+    a per-session basis, only a global basis.
+
+
 ## Background
 
 Yesod has always support client-side sessions via the