In your web application what is the best choice to store session data?

In my opinion, sessionless design is more preferrable:Pros:

1. Scalability. You can have as many servers as we want without having to share a user session. Each of them can process request (e.g. load balancing via round robin).
2. Saves server resources. We do not need to allocate memory on the server side (again - scalability).
3. No need to recover after a server restart.

Cons:

1. Having to keep some user related information in cookies (not critical).
2. Requires more coding (but not really much of coding)....

So just save a small amount of data on the client side (cookies). Usually it's authentication token (which is invalidated on password/email change) and some temporary data necessary to perform requests.All sensitive data is signed using MD5 hashes (depending on some secret information available only on the server side - e.g. salt which is a combination of hash of the password and email). So changed cookies on the client side is not a concern.