Depending on the complexity of your application you have a number of choices
- Store the State of the Application in hidden forms
- Store the State in a Database
- Store the State in the URL
- Store the State in a Server Side Continuation
Most of those are differnt ways of saying the same thing though. Basically the web server has to have some way to relate the user's GET or POST request to some stored data on the server to allow it to "remember" where the user left off.
If you were going to use a database, you might store an identifier for the session in a cookie, then use that identifier as a key in a database row where you store the other variables your application needs to track.
Of course eventually you have to get rid of all those stored sessions in your database. You can't always depend on users to log out but your application shouldn't just wipe a user's session while they're browsing!