"A Secure Cookie Protocol" outlines a scheme for tokens, without the need of server side storage.

* http://www.cse.msu.edu/~alexliu/publications/Cookie/cookie.pdf