Thursday, November 20, 2008

HOW TO: Turn Off ASP Session State in Active Server Pages and IIS

HOW TO: Turn Off ASP Session State in Active Server Pages and IIS

This article was previously published under Q244465
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 7.0 running on Microsoft Windows Server 2008. IIS 7.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/prodtech/IIS.mspx (http://www.microsoft.com/technet/security/prodtech/IIS.mspx)
For more information about IIS 7.0, visit the following Microsoft Web site:
http://www.iis.net/default.aspx?tabid=1 (http://www.iis.net/default.aspx?tabid=1)

On This Page

Expand all | Collapse all

SUMMARY
This step-by-step article describes how to improve the performance of your Web...

This step-by-step article describes how to improve the performance of your Web server by turning off Active Server Pages (ASP) session state.

The Web server with ASP automatically creates a Session object when a Web page from the application is requested by a user who does not already have a session. The server destroys the Session object when the session expires or is abandoned, and when session state is turned off, ASP does not track users and does not permit an ASP script to store information in the Session object or use the Session_OnStart or Session_OnEnd events. These Session objects consume valuable resources. By turning off sessions, you can improve the performance and scalability of your ASP Web application. You can turn off session state either for the whole Web site or for specific ASP pages.

NOTE: Sessionless applications do not do the following: