I refer you to Dormando's oft-cited explanation of how to store sessions in MySQL with memcached caching. The original LiveJournal post is more wordy but more thoroughly explains why storing sessions in memcached only is a bad idea.
- Read session data from memcached first, look in MySQL on a cache miss.
- Write session data to memcached on every update.
- Only write to MySQL if cache data hasn't been synced for 120 seconds or so.
- Run a periodic script that checks MySQL for expired sessions. For every expired session, update from memcached and only expire the ones that are truly expired.