Although the latest spec removes the session establishment process entirely (see http://xmpp.org/internet-drafts/draft-saintandre-rfc3921bis-07.html#diffs ), if you are interested to maintain compliance with the existing spec, when a client requests a session from a server, per section 3 of RFC3921, the following should apply:
Step 1: Client requests session with server:
Step 2: Server informs client that session has been created:
However, in Openfire, in step 2, a <session/> child is added here.
Not a big deal, but thought I'd report it...