A session is extracted from a request using extract/2. An updated session is sent the the client using embed/3 or a response To expire a session use expire/2 on a response.
extract/2
embed/3
expire/2
Store the session in an encrypted cookie.
Stores the session in a signed cookie.