WordPress 4.0 introduces a new user session API to support invalidating all login cookies on logout, among other features. By default, it leverages usermeta for persistent storage, but is built to support other backends. Since I already use Redis for page- and object-caching on this site, it seemed natural to use it for session storage as well.
The code is available at https://github.com/ethitter/WP-Redis-User-Session-Storage. This requires WordPress 4.0 to be useful.