in reply to Adding "state" to HTTP
in thread Encrypting or Hiding Certain Info in a URL
LDAP servers, MySQL and DBM or even plain text files can also be mighty useful for session management. Like the man says username or email address should be used to retrieve data.