Not all applications or pages need to be targeted for specific users, and you should disable session status for any applications or page that does not require a session state.
To disable the session state of the page, set the EnableSsesTate attribute in the @ page instruction to false. For example, <% @ page enablessionState = "false"%>.
Note If the page needs to access the session variable, it is not intended to create or modify them, set the enableessionState property in the @ page instruction to Readonly. The session status of the XML Web Services method can also be disabled. For more information, see XML Web Services created using ASP.NET and XML Web Services client.
To disable the application's session state, set the MODE property to OFF in the sessionState configuration section of the application web.config file. For example,
