On Fri, Dec 18, 2015 at 10:55 AM, Török Edwin <edwin+ml-ocaml@etorok.net> wrote:

>
> The library ships with an in-memory backend (for development and testing) and a postgresql-ocaml[0] based backend.

How about signed cookies as a storage backend?
Python Flask and Django can use it to store session entirely in the cookies with an hmac signature and expiration time, so your server can be entirely stateless.
As long as the amount of data in your session is small, and all you need is authenticated data (and not secret data) I think its quite an elegant solution,
and more fitting with a functional style.

This is interesting. As far as I can tell, it should be possible to implement this as a backend without any modifications to module signatures.

Now of course comes the question Cryptokit or nocrypto :)

That decision, for better or worse, has already been made by ocaml-session: it uses nocrypto to generate session keys.

-Spiros E.