I try to put as little as possible in the session. In most cases, all I have is an authentication identifier. Everything else is in the database, so why store it in the session? Yes, yes, there are obviously reasons to have things that persist between page loads, but for those I mostly use cookies. I like to keep the session clean. That's just my preference.