I'm stepping up into managed user territory and I'm trying to find out what the "state of the art" is or the options are besides the usual cookies and php sessions. For my site's purpose, I'm interested in using Shibboleth and LDAP to authenticate users. I've been working on setting up the LDAP server and have it to a point where I can consider other things like sessions/user tracking, plus iframe and wap applications.
I've done a little searching on cookieless sessions, but haven't found much yet that was new or authoritative. I read a thread here that mentioned passports, but it wasn't explained.
I would really like to hear your opinions and suggestions on things I've mentioned.