Read it many times on StackOverflow and C# corner. Just wondering why? If it is a bad practice then what are the alternatives. Apologies if I'm being naive, I've just started with web development.
Previously full page refreshes were more common to update content than partial updates in web applications. Since then with the numerous improvements in libraries and learning resources, we have apps which after first page load never request the page in it's entirety unless the user desires it so.
With partial updates being sent and received from server, it has become common to store state in server. If it is more optimal to store state in client, we have old solution of using cookies or the new way of using Web Storage and IndexedDB. The idea of storing state in encoded fields and posting it to server (View State) increases the page size apart from being unnecessary.
For Session State, all I can say is that the minimum data you hold in sessions, the more you are isolated from machine failures and data loss. If it's important data, store in db else store on client side. But small amounts of data for authentication can be stored in Session.
For Application State, similar argument as above => use DB.