We have all seen the overuse and misuse of session objects throughout web-based .NET applications.
In moving away from this practice there are options like SOSS and other server-based options to store this data.
In trying to keep the architecture simpler, I have become a fan of creating a user object and storing the serialized version in FormsAuthenticationTicket.UserData.
This requires a bit of extra overhead on every page load but is workable. User IDs are maintained as GUIDs, so there is no "guessing" if someone looks at their cookie, plus it can be encrypted.
Other options?
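
A sketch of the approach described above, added as an illustration and not part of the original post: a user object is serialized into `FormsAuthenticationTicket.UserData` at login and read back on each request. `UserInfo` and `UserTicket` are hypothetical names, and JSON via `JavaScriptSerializer` is an assumed serialization choice.

```csharp
using System;
using System.Web;
using System.Web.Script.Serialization;
using System.Web.Security;

// Hypothetical user object. Keep it small: browsers cap a cookie at about 4 KB.
public sealed class UserInfo
{
    public Guid UserId { get; set; }
    public string DisplayName { get; set; }
    public string[] Roles { get; set; }
}

public static class UserTicket
{
    // Call once, after the credentials have been verified.
    public static void Issue(HttpResponse response, UserInfo user, bool persistent)
    {
        var ticket = new FormsAuthenticationTicket(
            1, user.UserId.ToString("N"), DateTime.Now,
            DateTime.Now.Add(FormsAuthentication.Timeout), persistent,
            new JavaScriptSerializer().Serialize(user), FormsAuthentication.FormsCookiePath);

        // Encrypt() encrypts and MACs the ticket under <forms protection="All"> (the default).
        var cookie = new HttpCookie(
            FormsAuthentication.FormsCookieName, FormsAuthentication.Encrypt(ticket))
        {
            HttpOnly = true,                         // not readable from script
            Secure = FormsAuthentication.RequireSSL, // set requireSSL="true" in web.config
            Path = FormsAuthentication.FormsCookiePath
        };
        if (persistent) cookie.Expires = ticket.Expiration;
        response.Cookies.Add(cookie);
    }

    // Call from Application_AuthenticateRequest. Returns null if there is no valid ticket.
    public static UserInfo Read(HttpRequest request)
    {
        var cookie = request.Cookies[FormsAuthentication.FormsCookieName];
        if (cookie == null || string.IsNullOrEmpty(cookie.Value)) return null;
        try
        {
            var ticket = FormsAuthentication.Decrypt(cookie.Value);
            if (ticket == null || ticket.Expired) return null;
            return new JavaScriptSerializer().Deserialize<UserInfo>(ticket.UserData);
        }
        catch (Exception) { return null; } // tampered, truncated or undecryptable cookie
    }
}
```

The ticket is a snapshot taken at login, so a role change or account lockout does not take effect until the ticket is reissued; anything sensitive should still be re-checked server-side.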