Session

Session is a server side storage of your variables. Default, it stored on server's memory. But you can configure it to store at SqlServer. It's scope is browser wide. 

• Session data is stored on the server and key are stored in cookies files, if cookies is disabled then session id key passed via query string. <sessionState cookieless="AutoDetect" />
• Same user can run two or more browsers and each browser has it's own session.
• Maintain Data all over the application.
• Store any kind of object.
• Secure and transparent from the user (You can save sensitive data in session)
• After user closes browser, session timeout only clears all information. (default is 20 minutes) <sessionState timeout="30" />
• Can disable Session in Page Level and Application Level(web.config)
• Can set Read Only in page level.
• Use Out-Proc Session Mode can share session between web server.

Disadvantage :

• Perform overhead in large volume, because store in Server.

Session can store at few places :

• InProc (In-Memory Object)
• Default Session Mode
• Useful in Single Web Server
• Store on the current application domain and within worker process (w3wp.exe) (access fastest)
• Object can be added without serialization.
• if worker process or App Pool restart, session data will lost.
• Not Suit Web Farm
• State Server (Aspnet_state.exe)
• Out-Proc Session Mode.
• Useful in Web Farm.
• More scalability than InProc. (dedicated state server, more memory to process it and no impact the Processing Web Server)
• Use stand-alone Windows Service , outside of IIS and application domain,  can be different server.
• Restart App domain, your session still be alive.
• Overhead Serialization and de-serialization, increase data access cost, process slow because run in different process.
• Use TCP to connect (tcpip=ServerIP:42424)
• SQL Server (Database)
• Out-Proc Session Mode.
• More reliable and secure. (Restart IIS and SQL Server, the data is still here, until it time out)
• Useful in Web Farm.
• If Server Frequent restart, SQL Server is best choice.
• More Scalable than State Servcer and InProc
• keep data centralized location (Database).
• able to share session between 2 application.
• Slower than StateServer and InProc. (Retreive Data from HardDisk is slower than Memory)
• Overhead Serialization and de-serialization, increase data access cost, process slow because run in different process.
• Custom (Custom Provider)
• Existing table to store session data.
• We need to create own session ID.
• No Depend ON IIS
• Create own algorithm for generate session ID.
• Process Data slow
• need to handle yourself, especially security.