I generally wouldnt ever store this information in a file – you run the risk of potentially swapping this file in and out of memory (yes it could be cached at times) but I would rather use an in memory mechanism designed as such and you are then using something that is fairly nonstandard.
In ASP.Net

1. you can use in in memory collection that is good for use on a single server. if you need multiple load balanced web servers (web farm) and a user could go to any other server as they come in for each request, this option is not good. If the web process restarts, the sessions are lost. They can also timeout.

2. You can use a state server in asp.net for multiple server access – this runs outside of your webserver’s process. If the web process restarts – you are OK and multiple servers access this. This traffic going to the state server is not encrypted and you would ideally use IPSEC policies to secure the traffic in a more secure environment.

3. You can use sql server to manage state (automatically) by setting up the web.config to use sql server as your session database. This gives the advantage of a high performance database and multi server access.

4. You can use your own sessions in a database if you need them to persist to a long time outside of the normal mechanism and want tighter control on the database fields (maybe you want to query specific fields)

Also just out of curiosity – maybe you are referring to sessions as user preferences? In that case research asp.net profiles