How To Disable Cookies That Are Sent by Active Server Pages (163010)


The information in this article applies to:

  • Microsoft Active Server Pages
  • Microsoft Internet Information Server 4.0
This article was previously published under Q163010
We strongly recommend that all users upgrade to Microsoft Internet Information Services (IIS) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security. For more information about IIS security-related topics, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/prodtech/IIS.mspx

SUMMARY

Active Server Pages (ASP) uses cookies to track SessionIDs. As a result, the browser is sent a cookie when a new session is created. Typically this occurs the first time a particular client requests an ASP page in your Web application. If Internet Explorer is configured to "Warn before accepting cookies," you will see a warning dialog box when this SessionID cookie is sent to the browser. This article explains how to prevent ASP from sending these cookies.

NOTE: Disabling SessionID cookies is not recommended because it seriously limits the functionality of Active Server Pages.

MORE INFORMATION

Active Server Pages provides a configurable registry setting that can be used to disable Session State. The following registry value controls Session State: 
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
   \W3SVC\ASP\Parameters\AllowSessionState

If you set AllowSessionState to 0, ASP no longer sends SessionID cookies to the browser.

WARNING: Setting AllowSessionState to 0 disables the use of sessions in your Web application. This means that you will not be able to store or retrieve session variables. If your Web application uses session variables, as most do, your pages will no longer function properly. In addition, you will encounter scripting errors in the server-side scripts, which use session variables.

REFERENCES

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:

244465 How To Disable ASP Session State in Active Server Pages

For the latest Knowledge Base articles and other support information on Visual InterDev and Active Server Pages, see the following page on the Microsoft Technical Support site:

http://support.microsoft.com/ph/3022

Modification Type:MajorLast Reviewed:2/10/2006
Keywords:kbASPObj kbCookie kbhowto KB163010
©2004 Microsoft Corporation. All rights reserved.