HOW TO: Turn Off ASP Session State in Active Server Pages and IIS
This article was previously published under Q244465
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 7.0 running on Microsoft Windows Server 2008. IIS 7.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/prodtech/IIS.mspx (http://www.microsoft.com/technet/security/prodtech/IIS.mspx)
For more information about IIS 7.0, visit the following Microsoft Web site: http://www.iis.net/default.aspx?tabid=1 (http://www.iis.net/default.aspx?tabid=1)
On This Page
SUMMARYThis step-by-step article describes how to improve the performance of your Web...
This step-by-step article describes how to improve the performance of your Web server by turning off Active Server Pages (ASP) session state.
The Web server with ASP automatically creates a Session object when a Web page from the application is requested by a user who does not already have a session. The server destroys the Session object when the session expires or is abandoned, and when session state is turned off, ASP does not track users and does not permit an ASP script to store information in the Session object or use the Session_OnStart or Session_OnEnd events. These Session objects consume valuable resources. By turning off sessions, you can improve the performance and scalability of your ASP Web application. You can turn off session state either for the whole Web site or for specific ASP pages.
NOTE: Sessionless applications do not do the following:
The Web server with ASP automatically creates a Session object when a Web page from the application is requested by a user who does not already have a session. The server destroys the Session object when the session expires or is abandoned, and when session state is turned off, ASP does not track users and does not permit an ASP script to store information in the Session object or use the Session_OnStart or Session_OnEnd events. These Session objects consume valuable resources. By turning off sessions, you can improve the performance and scalability of your ASP Web application. You can turn off session state either for the whole Web site or for specific ASP pages.
NOTE: Sessionless applications do not do the following:
- Execute Session_OnStart procedures.
- Send session ID cookies.
- Access built-in Session objects or session scope objects that are created with the