How To Disable ASP Session State in ASP.NET (306996)


The information in this article applies to:

  • Microsoft ASP.NET (included with the .NET Framework 1.1)
  • Microsoft ASP.NET (included with the .NET Framework) 1.0
This article was previously published under Q306996
For additional information about how to perform this task by using Microsoft Active Server Pages, click the article number below to view the article in the Microsoft Knowledge Base:

244465 How To Turn Off ASP Session State in Active Server Pages and IIS

IN THIS TASK

SUMMARY

This step-by-step article demonstrates how to disable session state in ASP.NET.

When session state is enabled, ASP.NET creates a session for every user who accesses the application, which is used to identify the user across pages within the application. When session state is disabled, user data is not tracked, and you cannot store information in the Session object or use the Session_OnStart or Session_OnEnd events. By disabling session state, you can increase performance if the application or the page does not require session state to enable it.

In ASP.NET, if you do not use the Session object to store any data or if any of the Session events (Session_OnStart or Session_OnEnd) is handled, session state is disabled. A new Session.SessionID is created every time a single page is refreshed in one browser session.

back to the top

Disable Session State at the Application Level

The following steps demonstrate how to disable session state at the Application level, which affects all pages in the application:
  1. Start Microsoft Visual Studio .NET, and create a new ASP.NET Web Application.
  2. In Solution Explorer, double-click Web.config to view the contents of this file.
  3. Locate the <sessionState> section, and set the mode value to Off.
  4. Save the file and/or the project to disable session state throughout all pages in the application.
back to the top

Disable Session State at the Page Level

The following steps demonstrate how to disable session state at the Page level, which affects only the specific pages that enable these changes:
  1. Start Microsoft Visual Studio .NET, and create a new ASP.NET Web Application.
  2. In Solution Explorer, double-click the Web Form for which you want to disable session state.
  3. Click the HTML tab.
  4. At the top of the page, add EnableSessionState="false" in the @ Page directive. The modified attribute should appear similar to the following:
    <%@ Page language="c#" Codebehind="WebForm1.aspx.cs" 
AutoEventWireup="false" Inherits="WebApplication1.WebForm1" 
EnableSessionState="false" %>
  5. Save the file and/or project to disable session state throughout all pages in the application.
back to the top

Troubleshooting

If you try to set or retrieve information when session state is disabled, you receive the following error message:
Session state can only be used when enableSessionState is set to true, either in a configuration file or in the Page directive
back to the top

REFERENCES

For more information about session state, refer to the following topics in the .NET Framework Software Development Kit (SDK) documentation:

ASP.NET Session State
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnaspnet/html/asp12282000.asp

<sessionState> Section
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpgenref/html/gngrfsessionstatesection.asp

back to the top
Modification Type:MinorLast Reviewed:6/29/2004
Keywords:kbConfig kbHOWTOmaster kbState kbWebForms KB306996 kbAudDeveloper
©2004 Microsoft Corporation. All rights reserved.