diff --git a/README.rdoc b/README.rdoc index 71327ab1..b228f76c 100644 --- a/README.rdoc +++ b/README.rdoc @@ -7,10 +7,10 @@ Devise is a flexible authentication solution for Rails based on Warden. It: * Allows you to have multiple roles (or models/scopes) signed in at the same time; * Is based on a modularity concept: use just what you really need. -Right now it's composed of 12 modules: +Right now it's composed of 11 modules: -* Database Authenticatable: encrypts and stores a password in the database to validate the authenticity of an user while signing in. -* Token Authenticatable: validates the authenticity of a user while signing in using an authentication token (also known as "single access token"). +* Database Authenticatable: encrypts and stores a password in the database to validate the authenticity of an user while signing in. The authentication can be done both through POST requests or HTTP Basic Authentication. +* Token Authenticatable: signs in an user based on an authentication token (also known as "single access token"). The token can be given both through query string or HTTP Basic Authentication. * Confirmable: sends emails with confirmation instructions and verifies whether an account is already confirmed during sign in. * Recoverable: resets the user password and sends reset instructions. * Registerable: handles signing up users through a registration process. @@ -21,8 +21,6 @@ Right now it's composed of 12 modules: * Lockable: locks an account after a specified number of failed sign-in attempts. Can unlock via email or after a specified time period. * Activatable: use this module if you need to activate accounts by means other than confirmation. -Additionaly, Devise has several extensions (listed at the end of this README) and has http authentication built in. - == Examples * Example application using Devise at http://github.com/plataformatec/devise_example 
diff --git a/lib/devise/hooks/rememberable.rb b/lib/devise/hooks/rememberable.rb
index 6771ce40..c44103c8 100644
--- a/lib/devise/hooks/rememberable.rb
+++ b/lib/devise/hooks/rememberable.rb
@@ -32,7 +32,7 @@ module Devise
 protected
 
 def remember_me?
- @remember_me ||= Devise::TRUE_VALUES.include?(valid_params? && params[scope][:remember_me])
+ valid_params? && Devise::TRUE_VALUES.include?(params_auth_hash[:remember_me])
 end
 end
 end
diff --git a/lib/devise/strategies/authenticatable.rb b/lib/devise/strategies/authenticatable.rb
index ae257ef7..9164c90f 100644
--- a/lib/devise/strategies/authenticatable.rb
+++ b/lib/devise/strategies/authenticatable.rb
@@ -33,7 +33,7 @@ module Devise
 
 # Check if this is strategy is valid for params authentication.
 def valid_for_params_auth?
- params_authenticatable? && valid_controller? &&
+ params_authenticatable? && valid_request? &&
 valid_params? && with_authentication_hash(params_auth_hash)
 end
 
@@ -58,12 +58,22 @@ module Devise
 Hash[*keys.zip(decode_credentials).flatten]
 end
 
+ # By default, a request is valid if the controller is allowed and the VERB is POST.
+ def valid_request?
+ valid_controller? && valid_verb?
+ end
+
 # Check if the controller is valid for params authentication.
 def valid_controller?
 mapping.controllers[:sessions] == params[:controller]
 end
 
 # Check if the params_auth_hash is valid for params authentication.
+ def valid_verb?
+ request.post?
+ end
+
+ # If the request is valid, finally check if params_auth_hash returns a hash.
 def valid_params?
 params_auth_hash.is_a?(Hash)
 end
diff --git a/lib/devise/strategies/token_authenticatable.rb b/lib/devise/strategies/token_authenticatable.rb
index 5e5d26ba..e5dba730 100644
--- a/lib/devise/strategies/token_authenticatable.rb
+++ b/lib/devise/strategies/token_authenticatable.rb
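Review bot: The rewritten `remember_me?` gates only on `valid_params?`, which (per the authenticatable hunk in this same commit) just checks that `params_auth_hash` is a Hash, so a `remember_me` flag is honoured for any request whose scoped params parse as a hash, including one carried in a GET query string alongside HTTP Basic credentials. The strategy side of this commit introduces `valid_request?` precisely to confine params handling to a POST on the sessions controller, and this hook does not pick up that restriction. If the hook runs in the strategy's scope (it already calls `valid_params?` and `params_auth_hash`), I would write `valid_request? && valid_params? && Devise::TRUE_VALUES.include?(params_auth_hash[:remember_me])` so a persistent remember-me cookie cannot be minted from a GET. The enclosing module starts outside the hunk, so I cannot confirm from here which methods are reachable.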
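Review bot: In the second authenticatable.rb hunk the new `def valid_verb?` lands directly under the context comment `# Check if the params_auth_hash is valid for params authentication.`, which describes `valid_params?`, so the verb check is left with a comment that is wrong and `valid_params?` gets its own new comment below; a reader will take the stale line as the contract of `valid_verb?`. I would add `# Check if the request VERB is valid for params authentication (POST only by default).` immediately above `def valid_verb?` and leave `# If the request is valid, finally check if params_auth_hash returns a hash.` with `valid_params?` as the hunk already places it. It is also worth a sentence in that comment on why the verb matters: credentials accepted from a GET query string end up in server logs and Referer headers, which is what restricting to `request.post?` avoids. The enclosing class continues past the end of the hunk.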
@@ -20,8 +20,8 @@ module Devise
 
 private
 
- # TokenAuthenticatable params can be given to any controller.
- def valid_controller?
+ # TokenAuthenticatable request is valid for any controller and any verb.
+ def valid_request?
 true
 end
 
diff --git a/lib/generators/devise_install/templates/devise.rb b/lib/generators/devise_install/templates/devise.rb
index c816dc04..8c1e682b 100644
--- a/lib/generators/devise_install/templates/devise.rb
+++ b/lib/generators/devise_install/templates/devise.rb
@@ -12,7 +12,10 @@ Devise.setup do |config|
 # session. If you need permissions, you should implement that in a before filter.
 # config.authentication_keys = [ :email ]
 
- # Tell if authentication for http is enabled. True by default.
+ # Tell if authentication through request.params is enabled. True by default.
+ # config.params_authenticatable = true
+
+ # Tell if authentication through HTTP Basic Auth is enabled. True by default.
 # config.http_authenticatable = true
 
 # The realm used in Http Basic Authentication
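Review bot: Overriding `valid_request?` to return `true` wholesale discards both checks the base strategy now composes into it, including the `valid_verb?` POST check this commit adds, and any check added to the base `valid_request?` later will be skipped here without anyone noticing. If the intent is only that the token may come from any controller and any verb, overriding `valid_controller?` and `valid_verb?` individually states that explicitly and keeps future base-class checks in force. Accepting the token on any verb also means it can arrive in a GET query string (the README hunk documents this), where it is typically written to server and proxy logs and leaks through the Referer header; that trade-off deserves a comment, e.g. `# Accepting the token on any verb means it may travel in a GET query string; prefer the HTTP Basic form where URL logging is a concern.` The enclosing class starts outside the hunk.
```ruby
      # TokenAuthenticatable accepts the token from any controller...
      def valid_controller?
        true
      end

      # ...and on any verb. Note a GET query string is accepted too, so the
      # token may be logged in URLs; prefer the HTTP Basic form where that matters.
      def valid_verb?
        true
      end
```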