Do You Really Need All That Session Data?
When I started web development in 2003 I was using PHP4 as my language of choice. In PHP4, sessions were a built-in feature where the mechanics were somewhat hidden from you. You could initialize a session by calling a function (session_start) and then you would have access to the aptly named $_SESSION variable, which was simply - for all intents and purposes - an associative array.
When I moved on to the world of Python and Django, I carried over the mindset that a session needed to be a hash that I could use to store all kinds of important data. As it turns out, though, all I was really storing was the user's name or their email or something of that nature; nothing that required the use of a database.
So the overhead that I was incurring to store a user's session data in a database and retrieve it every time they made a request was absurd. Now I'm not saying you should never do that, I'm simply saying that if it's not a necessity to store more than the user's name, why not just use a signed cookie? For simple authentication or tracking, using a signed cookie can save you unnecessary hits to your database.
Just my two cents.