There are several places to store data for an ASP.NET web page. These places are far from interchangeable. Careless placement of data can lead to a poor web page and bad user experience. The following are some guide lines that I consider appropriate.
Use for: Data that defines the web page. Such as the ID for a product or the terms for search results.
Remember: This becomes permanent if the page is bookmarked. Don’t store temporary modifiers in the URL. For example, if the user bookmarks the login page after a failed login attempt they shouldn’t have to see the error message every time they return.
Use for: Applications where you can’t or don’t want to store data server side.
Remember: This data is stored permanently in the browser. The data won’t be available if the user returns with a different browser or device.
Use for: Remembering users across visits on web sites requiring login. Or remembering user settings on web sites that does not use logins.
Remember: Current EU law dictates that web sites targeting EU citizens must obtain user permission when setting cookies. Though there are some exceptions.
Use for: Data related to the currently logged in user.
Remember: The session is controlled by a session cookie stored in the browser. ASP.NET takes care of this automatically. It is the browser that determines when the session ends by removing the cookie. Session cookies used for authentication purposes does not fall under the EU law described above.
Use for: Data you want to keep between page requests, but not longer. Good for showing the user that data has been saved for example.
Remember: This data is stored in the session but has the extra property that it disappears after being read.
Use for: As a cache for common data needed server side.
Remember: This data is common for all users and persists until the application reloads. The data must be handled in a thread safe manner.
Use for: Everything that needs permanent storage.
Remember: Database design and management is a whole science in and of itself.