Basic session support. Sessions are (currently) just maps of strings to strings which are serialised and sent to the client using a Cookie. Serialised, they should be less than 4K, so the sum of all your strings in the map should be < 3900 bytes to be safe.
The cookies are HMACed and encrypted so that the client can't inspect nor alter them. The key is, by default, generated randomly every time the server starts. If you want the cookies to be reusable across restarts or servers you need to set the key yourself.
Also, by the default, the cookies are set to expire when the browser session ends.
Return the current session. If the user didn't present a cookie, or the cookie is invalid, an empty map is returned.
Set the current session. This alters the headers of the current request,
so future actions which reset the headers (like
setReply) will undo