Frameworks and sessions
I hate sessions, they’re evil.
PHP is the worst offender since it’s built into the language and you end up with effective scalability limitations and turds in your temp file system. django isn’t much better since all of the cool admin functionality is built using the contrib.auth module which depends on sessions as well. Long ago in a galaxy far away I learned that such assumptions are bad, you should handle your authentication with some cookies that are totally independent of your application. Your sessions state should be passed around via posts or other URL tricks…
Don’t get me started today on the detail that django requires a “username” to authenticate. Half tempted to write the “uber auth” module which allows for both email registration and facebook/google connect, etc. authentication.