Session state is similar to application state but it is scoped in the current browser session and it stores values in the session state. When a developer wants to store sensitive information then better to use SSL (Secure socket layer) encrypt or different communication between client browser and server. When more users are logged on the server then burden could be increased on the server. It could slow down the performance too. By default a SessionID will be stored in the client browser.
Session["sbDetails"] = "Slightbook"; string sb = Session["sbDetails"];