Persistent sessions

[peter]

Given that the cookie is the product of md5-hexing the raw composite 
cookie data (in encode-session-string), there's no way to get the 
initial click (creation) time of the session (which is needed in 
order to ascertain whether the session has expired 
(session-too-old-p)).

So presumably, like the session-ID, we'll need to carry the session 
start time externally (outside the md5-hexed part of the cookie).

Are we thinking along the same rg?

I'm puzzled that session persistence isn't a common requirement of hunchentoot.

-peter