SP V3 client side session questions

[Cantor, Scott]

If you have development questions, please move that to the dev list or just add comments to the JIRA issue.

The mechanism is based on a shared AES key and AES-GCM encrypted data with a rolling key, same as the IdP uses. The ability to invalidate everything and everybody at once isn't actually disappearing because restarting the in-memory caches and just replacing the active key(s) will render any blobs in the wild unusable.

-- Scott