>>
>>Depends. In-proc session handling keeps a live reference. Any of the out of proc. handling serializes the object.
>
>Interesting - I didn't consider out-of-proc. But unless the object in question was designed to be (and tested as being) seriablizable it seems a dangerous thing to attempt. I'd guess the serialisation on a lot of objects would fail - or that they would pull in a lot of stuff that you didn't really need.
>
I'd normally suggest always running the out of proc. session handling since you don't have to worry about things like someone's session suddenly disappearing because someone made a change to the web.config file. And it survives app domain unloads. It generally just "feels" more stable to an end user (why was I suddenly logged off for no apparent reason?). But you do have to suddenly deal with the fact that the object may not be marked as (or every easily) serializable. Honestly, you shouldn't really be putting really heavy objects in sessions anyway.