Well, with server side languages, it's just a matter of encrypting the right things. If you're dealing with passwords, encrypt them have quick database query that checks to see if the session password is valid. What type of sessions are you trying to use?