6 * do not expend any server side resources for empty sessions
8 * don't create a session cookie unless there is a session
10 * be reluctant to write to the database (updating expiry etc)
12 * allow us to distinguish between secure sessions and insecure ones.
14 * allow us to store flash in memcache only