What should I be aware of when using session variables?

I'm planning to use some session variables on an intranet ASP/VB.NET page, and want to make sure that I'm not missing out on anything important I should know, or that I have my information mixed up. So开发者_高级运维 here's what I (think) I know about session variables.

They:

• are stored on the server, so if I have a lot of users then they'll each be using some more memory which could lead to a slowdown.
• are inaccessible by the user unless I expose access.
• hang around/persist across user requests (i.e. each time the user makes a request from the page the data will still be there - until it times out). This also means that I need to make sure that the variable doens't have "left over" data in it.

Is there anything that I've got totally wrong, or anything I'm missing? I'd prefer not to get bitten by a bug down the road because I think I understand what's going on.

Thanks!

Unless it's a trivial app, I'd advise (out of proc) using StateServer or SQL server for session, with a preference to SQL. To configure just make a small change to web.config and run a sql script (see http://msdn.microsoft.com/en-us/library/ms972429.aspx). It will save you a lot of headaches with IIS recycles and allow you to scale your app to multiple load balanced servers if the need should ever arise.