WordPress 4.0 introduced a new user session API to support invalidating all login cookies on logout, among other features. By default, it leverages usermeta for persistent storage, but is built to support other backends. Since I once used Redis for page- and object-caching on this site, it seemed natural to use it for session storage as well.
The plugin is available at https://wordpress.org/plugins/wp-redis-user-session-storage/ and the code is available at https://git.ethitter.com/wp-plugins/wp-redis-user-session-storage. This requires WordPress 4.0 to be useful.