docs: update README.md #62

README.md

@@ -35,27 +35,28 @@ Also, please note the following special message strings that can be returned via
 
 | name | purpose |
 | --- | --- |
-| expired | passcode response expired and the user must re-verify |
+| expired | passcode response expired and the user must re-verify, or did not answer before session expired |
 | error | there was an error displaying the challenge |
-| cancel | the user closed the challenge, or did not answer before session expired |
+| cancel | the user closed the challenge |
 | open | the visual challenge was opened |
 
 
 Any other string returned by `onMessage` will be a passcode.
 
+
 ### Handling the post-issuance expiration lifecycle
 
 This extension is a lightweight wrapper, and does not currently attempt to manage post-verification state in the same way as the web JS API, e.g. with an on-expire callback.
 
 In particular, if you do **not** plan to immediately consume the passcode returned by submitting it to your backend, you should start a timer to let your application state know that a new passcode is required when it expires.
 
-By default, this value is 120 seconds. Thus, you would want code similar to the following in your app when handling `onMessage` responses that return a passcode:
+By default, this value is 120 seconds. So, an `expired` error will be emitted to `onMessage` if you haven't called `event.markUsed()`.
 
-```
-this.timeoutCheck = setTimeout(() => {
-   this.setPasscodeExpired();
-   }, 120000);
-```
+Once you've utilized hCaptcha's token, call `markUsed` on the event object in `onMessage`, like `event.markUsed()`.
+
+### Handling errors and retry
+
+In case of an `error`, you can `reset` hCaptcha by calling `event.reset()`` to perform another attempt at verification.
 
 ## Dependencies