The answer is yes and no.
No, because we are not certain of the lifetime of the CONTEXT_INFO. We open/close the DB connection as needed and don't expose it at the application level. Thus, each connection issued to the db may results in a different session.
The answer is yes, if you can move away from using CONTEXT_INFO. DevForce uses role-based security within the application level, not the database, based on the principal. We have what we called Query Interceptor and Query Filters that supports this same concept, but on an application level instead of the database level.
Hope this helps.