This article was previously published under Q244465
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 7.0 running on Microsoft Windows Server 2008. IIS 7.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:
This step-by-step article describes how to improve the performance of your Web server by turning off Active Server Pages (ASP) session state.
The Web server with ASP automatically creates a Session object when a Web page from the application is requested by a user who does not already have a session. The server destroys the Session object when the session expires or is abandoned, and when session state is turned off, ASP does not track users and does not permit an ASP script to store information in the Session object or use the Session_OnStart or Session_OnEnd events. These Session objects consume valuable resources. By turning off sessions, you can improve the performance and scalability of your ASP Web application. You can turn off session state either for the whole Web site or for specific ASP pages.
NOTE: Sessionless applications do not do the following:
Execute Session_OnStart procedures.
Send session ID cookies.
Access built-in Session objects or session scope objects that are created with the <OBJECT> tag.
For additional information about how to disable session state, click the article numbers below to view the articles in the Microsoft Knowledge Base:
306996 HOW TO: Disable ASP Session State in ASP.NET
For additional information about how to disable session state on a Web site with Front Page Server Extensions installed, click the article numbers below to view the articles in the Microsoft Knowledge Base:
324249 FP: Database Error Messages When Session State Is Disabled
324293 FP: Confirmation Page Appears But No Data Is Added to Database