Using in-process session state is evil when it comes to scaling web applications (does not play well with clusters, bombs out when the server recycles).
Assuming you just need to keep a small amount of information in the session state, what is the downside of using encrypted cookie items for this purpose rather than specific state servers/DBs?
Obviously using cookies will create a small amount of network overhead, and clearly you operate under the assumption that cookies are enabled on the client browser/mobile device.
What other pitfalls can you see with this approach?
Is this a good option for simple, scalable and robust sessions?
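
The approach the question describes, sketched as an added example that is not part of the original post: session state is sealed with AES-256-GCM into a single cookie value, so any node holding the shared key can read it without a state server. The function names, the 4096-byte limit and the sample state are assumptions of this sketch.

```javascript
const crypto = require('node:crypto');

// Assumption for this sketch: a typical per-cookie size limit in browsers.
const MAX_COOKIE_BYTES = 4096;

// Encrypt and authenticate a small state object. The expiry time lives inside
// the sealed payload, so the client cannot extend it.
function seal(state, key, ttlSeconds, now = Date.now()) {
  const iv = crypto.randomBytes(12); // fresh nonce for every cookie
  const body = JSON.stringify({ exp: now + ttlSeconds * 1000, state });
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(body, 'utf8'), cipher.final()]);
  const value = Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64url');
  if (value.length > MAX_COOKIE_BYTES) {
    throw new Error('session state too large for a cookie');
  }
  return value;
}

// Returns the state, or null when the cookie is malformed, modified,
// sealed under a different key, or expired.
function unseal(value, key, now = Date.now()) {
  try {
    const raw = Buffer.from(value, 'base64url');
    if (raw.length < 28) return null; // 12-byte IV + 16-byte tag at minimum
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    const body = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    const { exp, state } = JSON.parse(body.toString('utf8'));
    return now < exp ? state : null;
  } catch {
    return null; // authentication failure or bad encoding
  }
}

// Constructed demo: two nodes share only the key, not a session store.
const demoKey = crypto.randomBytes(32);
const demoCookie = seal({ userId: 42, cart: ['sku-1'] }, demoKey, 900);
const stateOnOtherNode = unseal(demoCookie, demoKey);
```

Since the server keeps no record, a copied cookie is accepted until its `exp` passes, and changing the key invalidates every outstanding session.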