HOW TO: Turn Off ASP Session State in Active Server Pages and IIS
This article was previously published under Q244465
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 7.0 running on Microsoft Windows Server 2008. IIS 7.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/prodtech/IIS.mspx (http://www.microsoft.com/technet/security/prodtech/IIS.mspx)
For more information about IIS 7.0, visit the following Microsoft Web site: http://www.iis.net/default.aspx?tabid=1 (http://www.iis.net/default.aspx?tabid=1)
On This Page
SUMMARYThis step-by-step article describes how to improve the performance of your Web...
This step-by-step article describes how to improve the performance of your Web server by turning off Active Server Pages (ASP) session state.
The Web server with ASP automatically creates a Session object when a Web page from the application is requested by a user who does not already have a session. The server destroys the Session object when the session expires or is abandoned, and when session state is turned off, ASP does not track users and does not permit an ASP script to store information in the Session object or use the Session_OnStart or Session_OnEnd events. These Session objects consume valuable resources. By turning off sessions, you can improve the performance and scalability of your ASP Web application. You can turn off session state either for the whole Web site or for specific ASP pages.
NOTE: Sessionless applications do not do the following: Note, however, that the session ID cookie is still sent and the Session_OnStart event still fires if a page with EnableSessionState=False is requested.
The Web server with ASP automatically creates a Session object when a Web page from the application is requested by a user who does not already have a session. The server destroys the Session object when the session expires or is abandoned, and when session state is turned off, ASP does not track users and does not permit an ASP script to store information in the Session object or use the Session_OnStart or Session_OnEnd events. These Session objects consume valuable resources. By turning off sessions, you can improve the performance and scalability of your ASP Web application. You can turn off session state either for the whole Web site or for specific ASP pages.
NOTE: Sessionless applications do not do the following:
- Execute Session_OnStart procedures.
- Send session ID cookies.
- Access built-in Session objects or session scope objects that are created with the
- Serialize execution with other session requests.
Back to the topTurn Off ASP Session State on an IIS 4.0 Web Site
To turn off sessions for the ASP Web application at the Web site level by using IIS 4.0:- Click Start, point to Programs, click Windows NT 4.0 Option Pack, click Microsoft Internet Information Server, and then click Internet Service Manager.
- Right-click your Web site, and then click Properties.
- Click the Home Directory tab.
- Click Configuration, and then click the App Options tab.
- Click to clear the Enable Session State check box.
Turn Off ASP Session State on an IIS 5.0 Web Site
To turn off sessions for the ASP Web application at the Web site level by using IIS 5.0:- Click Start, point to Programs, click Administrative Tools, and then click Internet Information Services.
- Right-click your Web site, and then click Properties.
- Click the Home Directory tab.
- Click Configuration, and then click the App Options tab.
- Click to clear the Enable Session State check box.
Turn Off ASP Session State on an IIS 5.1 Web Site
To turn off sessions for the ASP Web application at the Web site level by using IIS 5.1:- Click Start, point to Programs, click Administrative Tools, and then click Internet Information Services.
- Right-click your Web site, and then click Properties.
- Click the Home Directory tab.
- Click Configuration, and then click the Options tab.
- Click to clear the Enable Session State check box.
Turn Off ASP Session State on a Specific ASP Page
You may also turn off session state for a specific ASP page by adding the following directive at the top of the ASP page:<%@ EnableSessionState=False %>
REFERENCESFor additional information about how to disable session state, click the article...
For additional information about how to disable session state, click the article numbers below to view the articles in the Microsoft Knowledge Base:
306996 (http://support.microsoft.com/kb/306996/EN-US/ ) HOW TO: Disable ASP Session State in ASP.NET
For additional information about how to disable session state on a Web site with Front Page Server Extensions installed, click the article numbers below to view the articles in the Microsoft Knowledge Base: 324249 (http://support.microsoft.com/kb/324249/EN-US/ ) FP: Database Error Messages When Session State Is Disabled
324293 (http://support.microsoft.com/kb/324293/EN-US/ ) FP: Confirmation Page Appears But No Data Is Added to Database
APPLIES TO
- Microsoft Active Server Pages 4.0
- Microsoft Internet Information Server 4.0
- Microsoft Internet Information Services 5.0
No comments:
Post a Comment