Chris Shiflett - The Truth about Sessions:

“This article introduces some techniques that can reliably provide statefulness as well as defend against session-based attacks such as impersonation (session hijacking).”