I have an ASP.NET application that uses a custom MembershipProvider to allow users to log in and gain access to certain features. The MembershipProvider uses ASP.NET’s built-in forms authentication to set cookies and keep track of who the user is.

Now that I’ve got the user logged in, what’s the best way to store user-specific information for their session? In the past I’ve just used Session variables ie Session["ReputationLevel"] = "4230"; (my application doesn’t actually have a reputation level variable, this is just an example). Is this still the best way when using a MembershipProvider? Would it be better to somehow build this information into the provider itself, or into a custom MembershipUser implementation? If I keep everything in the session, I suppose I’d have to abandon the session when the MembershipProvider indicates that the user had logged out…?

Sorry if this question is vague. I’ve been doing mostly ColdFusion development for the past few years, and I’m still kinda new to some of these ASP.NET technologies. I thought the MembershipProvider functionality would take care of everything I needed, but I’m now seeing there are still some holes in my implementation (in this case, where to store additional data).

This question appears to be similar, but doesn’t appear to be quite what I’m asking.