I have created my first uber small webapp with MVC4. So far I used the layout stuff to layout the webapp and added some views, controllers and a model to register and allow users to log in.

Once a user logged in / registered, I store its username in the session. I read this property from the session to determine if a user has been logged in or not.

Is that a bad practice? I read a lot about RESTful and stateless webapps. I kinda get the feeling that I should not save anything in my session.

e.g.

\[code\]
@if (string.IsNullOrEmpty(Session["User"] as string))
{
    <dl>
        <dt><a href="http://stackoverflow.com/Account/Register">Register</a></dt>
        <dt><a href="http://stackoverflow.com/Account/Login">Login</a></dt>
    </dl>
}
else
{
    <dl>
        <dt><a href="http://stackoverflow.com/Account/ShowAccount/@Session["User"]">@Session["User"]</a></dt>
        <dt><a href="http://stackoverflow.com/Account/Logout">Log out</a></dt>
    </dl>
}
\[/code\]

Q1: is this a bad practice?

Q2: is this "hack safe"? As is, is it easy to hack the current session and store a value in Session["User"] to bypass logging in?
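For comparison with the `Session["User"]` check in the question, here is the same logged-in state handled by ASP.NET forms authentication, where the framework issues the ticket cookie and `[Authorize]` enforces it on the server. This is an added example, not code from the original post; it assumes `<authentication mode="Forms">` and a membership provider are configured in Web.config, and that the login and logout forms emit `@Html.AntiForgeryToken()`.

```csharp
// Added example, not from the original post.
// Assumptions: forms authentication and a membership provider are configured
// in Web.config; the Login/Logout forms include @Html.AntiForgeryToken().
using System.Web.Mvc;
using System.Web.Security;

public class AccountController : Controller
{
    [HttpGet]
    public ActionResult Login()
    {
        return View();
    }

    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult Login(string userName, string password)
    {
        // Credentials are checked by the configured membership provider.
        if (!Membership.ValidateUser(userName, password))
        {
            ModelState.AddModelError("", "Invalid user name or password.");
            return View();
        }
        // Issues the forms-auth ticket cookie; by default the ticket is
        // encrypted and integrity-protected with the machine key.
        FormsAuthentication.SetAuthCookie(userName, false);
        return RedirectToAction("ShowAccount");
    }

    [Authorize] // unauthenticated requests are sent to the configured login URL
    public ActionResult ShowAccount()
    {
        // The user name comes from the validated ticket, not from a URL
        // segment, so one user cannot request another user's account page.
        return View((object)User.Identity.Name);
    }

    [HttpPost]
    [ValidateAntiForgeryToken]
    public ActionResult Logout()
    {
        FormsAuthentication.SignOut(); // expire the ticket cookie
        Session.Abandon();             // discard server-side session data
        return RedirectToAction("Login");
    }
}
// In the layout, the check from the question becomes:
//   @if (Request.IsAuthenticated) { @User.Identity.Name } else { /* links */ }
```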