I am upgrading a website written using ASP.NET 1.1 and the logic for the login page includes verifying the credentials, calling FormsAuthentication.SetAuthCookie() and populating the Session with the user information.

I am updating this page to use Login controls and the Membership API and am trying to wrap my head around the concepts that have been changed.

1. Most of the samples I see do not do anything on the login button event handler, so is the logic of setting the cookie abstracted out into the control?
2. Also, how do I check if a user is logged in or not on other pages. Does it still store user information using the Session?
3. How do I check if a user belongs to a particular role or not (Earlier, I would look in the Session object to do something like this)
4. Is the Session a bad way of storing user info?

Thanks