Because every full size framework has their own implementation of session handling, it'd be very difficult to have a framework agnostic authentication. You'd end up with a bunch of drivers. You also have to consider database handling, but you could technically use two DB connections at once. That's not so easy to pull off with sessions. I've actually been thinking about such an authentication system, and I did find something called Opauth, but it uses a bunch of "strategies", which may just be drivers. I didn't take a good look at it.