[eluser]Jondolar[/eluser]
Also, in some shared hosting environments, anyone that can view the /tmp direcotry (or the directory where sessions are stored) can view the content of every session variable that is active. This wouldn't be a problem if you encrypt your data prior to storing it in a session variable. Storing data in a session variable does take fewer resources on the server and may be quicker/easier to code (although I wouldn't use that as a criteria).