Talk:Session Management

This chapter needs to be broken into:

Session fundamentals - crypto - idle - etc

Session storage - client side storage - server side storage

Per-platform - simplify each section - add a J2EE and .NET section

Q: (Javier Fernandez-Sanguino) Should this chapter add a reference (in the "Protecting identifier section") to http://www.owasp.org/index.php/HTTPOnly ? Although not (yet) standard this is supported by all major browsers.