Session variables are used to store information across requests in an application. Typically sessions variables are used to store small amounts of information that help customize the application’s behavior. The session information is serialized and then stored as a binary in the database. The session is loaded each time a request is made, so storing large data structures or large amounts of information in the session can cause performance problems.
Here is an example:
Imagine that we have a multi-page wizard that is collecting partial information in each page. The information will be stored when the wizard completes. We may think that storing this temporary information in the session is a good idea, but each time a request is made that is not involved with the wizard, all the partial information stored in the session is loaded anyway. This same type of thing happens if we make an AJAX request to retrieve something like a dynamic drop down lists that don’t use any session information at all.
Having large session variables can increase contention on the database and CPU utilization. Each request requires the session to be retrieved from the database and then deserialized. As the number of concurrent users increases the contention increases as well as the processing required to serialize and deserialize the variables.
Store large session variables in a specific database table. Use the session Id as the primary key for the data. This way the large pieces of data only have to be loaded for the requests which need it.