There are no restrictions in comparison with the machine on which the service is located. If it has 16 gigabytes of RAM, it is assumed that for other processes / OS / etc. Several concerts are used, approximately 13 GB of memory will be available for the session data. Data is not saved to disk, so data always exists in RAM / memory; therefore, when you restart the service, all sessions disappeared. The memory is unstable and works like a RAM disk.
If you have reached the memory limits of the machine where your session state service is hosted, you either store too much data per user, or too many users that store small data. You are already on the right track, as the next step moves to the distributed session state provider for proper scaling. This is often achieved using a distributed caching system that comes with a session state provider or by writing your own provider against the specified system.
There are no data restrictions for each user, but note that serialization always occurs due to communication with the process. Therefore, there is a practical limit, because serializing / deserializing a concert of user data for each request will be very slow, no matter how you approach it.
Haney source share