By default a session uses a cookie in the background. To enable a cookie-less session, we need to change some configuration in the Web.Config file. Follow these steps,
* Open Web.Config
file.
* Add a <sessionState>
tag under <system.web>
tag.
* Add an attribute "
cookieless
" in the
<sessionState>
tag and set its value to "
AutoDetect
" like below:
<sessionState cookieless="AutoDetect" regenerateExpiredSessionId="true"/>​
The possible values for "cookieless" attribute are,
AutoDetect : Session uses background cookie if cookies are enabled. If cookies are disabled, then the URL is used to store session information.
UseCookie : Session always use background cookie. This is default.
UseDeviceProfile : Session uses background cookie if browser supports cookies else URL is used.
UseUri : Session always use URL.
"regenerateExpiredSessionId
" is used to ensure that if a cookieless url is expired a new new url is created with a new session. And if the same cookieless url is being used by multiple users an the same time, they all get a new regenerated session url. For further info click on the link,