DOCUMENT:Q273974 25-APR-2001 [iis] TITLE :PRB: Session_OnStart Fires When EnableSessionState=False PRODUCT :Internet Information Server PROD/VER::5.0 OPER/SYS: KEYWORDS:kbASP kbASPObj kbGrpDSASP kbDSupport ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft Internet Information Server 5.0 ------------------------------------------------------------------------------- SYMPTOMS ======== When the EnableSessionState directive is set to False in Active Server Pages (ASP) page, and you request this directive, the Session_OnStart event still executes the first time that the page is requested, and the ASPSESSIONID cookie is still set. The following code shows the EnableSessionState directive set to False: <%@ Language=VBScript EnableSessionState=False %> <% 'Server-Side code here. %> In addition, if your Session_OnStart event references the Session object, and if you use Microsoft Visual Basic Scripting Edition (VBScript), you may receive the following error message: Microsoft VBScript runtime error '800a000d' Type mismatch: 'Session' NOTE: This error does not recur unless you restart the application because subsequent requests for the ASP page, even from new sessions, do not cause the Session_OnStart event to run. CAUSE ===== EnableSessionState=False disables the use of the Session object for the ASP page and disables serialization of concurrent requests to the same Session. NOTE: By default, concurrent requests to the same Session are serialized; that is, only one request executes at a time. This avoids the problems that occur if two or more separate requests are writing data to the same Session object at the same time. RESOLUTION ========== To fully disable Session for an ASP page, you must update the Internet Information Server (IIS) configuration. Because you cannot disable Session at a page level, you must disable it at a Virtual Directory/Web Application level as follows: 1. Open the Internet Services Manager (MMC), and locate the Virtual Directory/Web Application whose Session state you want to disable. 2. Right-click the Virtual Directory/Web Application, and then click Properties. 3. On the Directory, Virtual Directory, or Home Directory tab, click Configuration. 4. On the App Options tab, clear the Enable Session State object. 5. Apply the changes. To avoid the "Type mismatch" error, if you set EnableSessionState=False, and the Session_OnStart event references the Session object, you can test for IsObject(Session) as follows: Sub Session_OnStart If IsObject(Session) Then Session("Var") = "Value" End If End Sub REFERENCES ========== For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base: Q234771 FIX: Error 800a2328 Returned When Browsing a VB 6.0 WebClass Q242425 Using Session Objects with Session State Disabled Returns Error Q244465 HOWTO: Disable ASP Session State in Active Server Pages Additional query words: error 800a000d ====================================================================== Keywords : kbASP kbASPObj kbGrpDSASP kbDSupport Technology : kbiisSearch kbiis500 Version : :5.0 Issue type : kbprb ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2001.