@@ 17,16 17,20 @@ The API is *not* exposed publicly (thus, it will not require authentication\
or authorization for most endpoints), and all request go through the server.
### Client
-The client creates a connection to the server on startup.
+The client creates a connection to the server once the user gives their account\
+credentials, either for an existing account, or a new account.
-### Server
-When a client connects to the server, it can't do much at the start,\
-because the user has to send account credentials to authenticate.\
-These are then sent to the API, which will create a session and return\
-a cookie. The cookie should then be passed to the client.
+This connection _may_ be rejected if the credentials are not valid.
-Should the cookies for both users in a game be stored on the server as well?
-In-memory, but just so the user doesn't have to send it with every request,
+### Server
+When a client connects to the server, it sends the account credentials to\
+authenticate (or an existing cookie on the client side).\
+These are then sent to the API, which will create a session\
+(or verify the previous one) and return a cookie. The cookie should then be\
+passed to the client.
+
+Should the cookies for both users in a game be stored on the server as well?\
+In-memory, but just so the user doesn't have to send it with every request,\
to save on the traffic.
### API