Mojolicious has a different philosophy: its session data is actually stored in the session cookie, but it is cryptographically signed with the app's secret keystring to prevent tampering.

Hi. A "signed cookies" feature does not constitute a "philosophy"

Also it is not an endorsement or suggestion on WHAT should be stored in cookies or how to use that information....

?? maybe related thoughts ??

https://tools.ietf.org/html/rfc7515

https://tools.ietf.org/html/draft-secure-cookie-session-protocol-02