One thing that may or may not be a factor - multiple web servers. Once you make that architectural leap, apache-based models start failing you, as do a lot of session methods, and you're left with cookies (or a universally passed session ID param) on the user side, and database on the backend with info about sessions.

Which isn't to say that there's not a better way, but this is a big factor to consider for any reasonably large web site. Which most sites aren't, so, there you go.