[eluser]TheFuzzy0ne[/eluser]
OK, this thread has been causing me some issues, so I want to clear it up. Not all of the user data is sent in the cookie if database sessions are enabled - only data such as last activity, IP address, session ID and so on, which is matched against the same information in the database. Anything else is stored directly in the database, not the cookie, so with a cookie, 4KB is your store limit for data, and with database sessions, 65KB is the limit. Bear in mind that encryption will make a string considerably longer, so if encryption is enabled, you could hit the limits without realizing.
However, I'm quite sure it's possible to upgrade the field type to something bigger if you'd like to store more data.
I hope this makes things a little clearer for anyone who I confused.