Session State in ASP.NET can be enabled and disabled both at
the page and application levels. This section discusses how we can enable and
disable Session state at both the page and application levels.
We can disable Session State for the pages that do not
require access to Session data using the EnableSessionState statement in the Page
directive of a page as shown below.
<%@ Page EnableSessionState="False" %>
Session State for a page can also be set to read only for
pages that require access to the Session data, but do not modify them. Refer
to the statement below.
<%@ Page EnableSessionState="ReadOnly" %>
Session State can also be disabled for all the pages of the
application by specifying the same at the application level in the
configurations section of the web.config file.
<pages enableSessionState="false" />
It is also possible to set the Session State to read-only
for all the pages in the application.
<pages enableSessionState="ReadOnly" />