Notes on Drupal Sessions Management

These are notes about Drupal sessions management. Much of this was jotted down while reading Pro Drupal Development by John VanDyk and Matt Westgate. It is a good book. You should buy it.

Session-related settings are located in .htaccess, settings.php, and bootstrap.inc. Note that bootstrap.inc uses variable_get() to load the session handler, which allows a custom session handler to be loaded in place of the default one.

The lifetime of a Drupal session is defined by the session.gc_maxlifetime setting in settings.php.

The lifetime of cookies set by Drupal is defined by session.cookie_lifetime in settings.php.
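
The three settings above, shown together as a settings.php fragment. This is an added example, not code from the book or from Drupal itself. It assumes Drupal 5/6, where the variable read by bootstrap.inc is named session_inc; the lifetime values and the handler path are illustrative assumptions.

```php
<?php
// settings.php fragment (added example; values below are illustrative).

// Server side: a row in the sessions table that has been idle for longer
// than this many seconds becomes eligible for garbage collection. PHP runs
// the collector probabilistically, so this is a lower bound on removal,
// not an exact timeout. Stock Drupal 5/6 ships 200000 (about 2.3 days);
// a shorter value limits how long a leaked session id stays usable.
ini_set('session.gc_maxlifetime', 3600);

// Client side: how long the browser keeps the session cookie, in seconds.
// Stock Drupal 5/6 ships 2000000 (about 23 days). 0 makes it a browser
// session cookie that is discarded when the browser is closed.
ini_set('session.cookie_lifetime', 0);

// The cookie lifetime and the server-side lifetime are independent:
// a cookie that outlives its sessions row simply fails to match any
// session, and a row that outlives its cookie lingers until the
// collector removes it.

// Custom session handler: bootstrap.inc loads the file named by the
// session_inc variable via variable_get(), falling back to
// includes/session.inc. Overriding it here swaps the handler without
// patching core. The path is hypothetical; the file must define the same
// sess_* functions that core's session.inc provides.
$conf['session_inc'] = './sites/all/modules/custom_session/session.inc';
```

Because a custom handler file sees every session read and write, treat it as part of the authentication code path: keep it under version control and review changes to the session_inc value the same way as changes to core.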

Drupal does not store session information the first time a user visits a site. This is to reduce the load on the sessions table generated by bots.

Changing the name of a session will allow users to remain logged in across multiple subdomains at one time. To do so, add ini_set('session.name','mysite_SESSION'); to settings.php.

09/13/08: I've never actually gotten the configuration option above to function properly and instead use the Shared Sign-On module.

Session data is viewable via the $user->session attribute of the $user object.

To store user information more permanently, add the data to the $user object like so: $user->foo = $bar. Save these changes by calling user_save().