ASP Session <session>

Overview

The <session> element of the <asp> element specifies the Active Server Pages (ASP) session state settings. Session state is a means by which Internet Information Services (IIS) 7 stores information about each unique client session. For example, if your Web site has a shopping cart application, the contents of each client's shopping cart can be stored in session state.

You must have memory resources on the server to preserve ASP session state, and the amount of memory that is required varies depending on the amount of information that you are storing in each session. To help regulate the resources that IIS 7 will use, you can specify the settings for session state. For example, the max attribute specifies the maximum number of sessions to store, and the timeout attribute specifies the duration of each ASP session.

If your applications do not require session state, setting the allowSessionState attribute to false will disable ASP session state.

Compatibility

Version	Notes
IIS 10.0	The <session> element was not modified in IIS 10.0.
IIS 8.5	The <session> element was not modified in IIS 8.5.
IIS 8.0	The <session> element was not modified in IIS 8.0.
IIS 7.5	The <session> element was not modified in IIS 7.5.
IIS 7.0	The <session> element of the <asp> element was introduced in IIS 7.0.
IIS 6.0	The <session> element replaces the following IIS 6.0 metabase properties: AspAllowSessionState AspKeepSessionIDSecure AspSessionMax AspSessionTimeout

Setup

To support and configure ASP applications on your Web server, you must install the ASP module. To install the ASP module, use the following steps.

Windows Server 2012 or Windows Server 2012 R2

1. On the taskbar, click Server Manager.
2. In Server Manager, click the Manage menu, and then click Add Roles and Features.
3. In the Add Roles and Features wizard, click Next. Select the installation type and click Next. Select the destination server and click Next.
4. On the Server Roles page, expand Web Server (IIS), expand Web Server, expand Application Development, and then select ASP.
   
5. If the Add features that are required by ASP? dialog box appears, click Add Features. (This page appears only if you have not already installed the ISAPI Extensions role service on your server.)
6. On the Server Roles page, click Next.
7. On the Select features page, click Next.
8. On the Confirm installation selections page, click Install.
9. On the Results page, click Close.

Windows 8 or Windows 8.1

1. On the Start screen, move the pointer all the way to the lower left corner, right-click the Start button, and then click Control Panel.

2. In Control Panel, click Programs and Features, and then click Turn Windows features on or off.

3. Expand Internet Information Services, expand World Wide Web Services, expand Application Development Features, and then select ASP.
   

   Note

   The ISAPI Extensions role will be selected if it has not already been installed.

4. Click OK.

5. Click Close.

Windows Server 2008 or Windows Server 2008 R2

1. On the taskbar, click Start, point to Administrative Tools, and then click Server Manager.
2. In the Server Manager hierarchy pane, expand Roles, and then click Web Server (IIS).
3. In the Web Server (IIS) pane, scroll to the Role Services section, and then click Add Role Services.
4. On the Select Role Services page of the Add Role Services Wizard, select ASP.
   
5. If the Add role services required by ASP dialog box appears, click Add Required Role Services. (This page appears only if you have not already installed the ISAPI Extensions role service on your server.)
   
6. On the Select Role Services page, click Next.
7. On the Confirm Installation Selections page, click Install.
8. On the Results page, click Close.

Windows Vista or Windows 7

1. On the taskbar, click Start, and then click Control Panel.
2. In Control Panel, click Programs and Features, and then click Turn Windows Features on or off.
3. Expand Internet Information Services, then World Wide Web Services, then Application Development Features.
4. Select ASP, and then click OK.
   

How To

How to configure ASP session state settings for a site or application

1. Open Internet Information Services (IIS) Manager:

   • If you are using Windows Server 2012 or Windows Server 2012 R2:

     • On the taskbar, click Server Manager, click Tools, and then click Internet Information Services (IIS) Manager.

   • If you are using Windows 8 or Windows 8.1:

     • Hold down the Windows key, press the letter X, and then click Control Panel.
     • Click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.

   • If you are using Windows Server 2008 or Windows Server 2008 R2:

     • On the taskbar, click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

   • If you are using Windows Vista or Windows 7:

     • On the taskbar, click Start, and then click Control Panel.
     • Double-click Administrative Tools, and then double-click Internet Information Services (IIS) Manager.

2. In the Connections pane, expand the server name, expand Sites, and then navigate to the Web site or Web application that you want to configure.

3. In the site or application Home pane, double-click ASP.
   

4. In the ASP pane, expand the Session Properties section and configure your desired settings.
   

5. Click Apply in the Actions pane.

Configuration

Attributes

Attribute	Description
allowSessionState	Optional Boolean attribute. Specifies whether session state persistence for an ASP application is enabled. The default value is true.
keepSessionIdSecure	Optional Boolean attribute. Specifies whether a session ID is sent as a secure cookie if assigned over a secure session channel. The default value is true.
max	Optional uint attribute. Specifies the maximum number of concurrent sessions. The default value is 4294967295.
timeout	Optional timeSpan attribute. Specifies the maximum period of time (hh:mm:ss) that a session object is maintained after the last request associated with the object is made. The default value is 00:20:00.

Child Elements

None.

Configuration Sample

The following configuration sample enables ASP session state, sets the maximum number of ASP sessions to 1000, and sets the session time-out to 10 minutes for the Default Web Site.

<location path="Default Web Site">
   <system.webServer>
      <asp>
         <session allowSessionState="true" max="1000" timeout="00:10:00" />
      </asp>
   </system.webServer>
</location>

Sample Code

The following code samples enable ASP session state, sets the maximum number of ASP sessions to 1000, and sets the session time-out to 10 minutes for the Default Web Site.

AppCmd.exe

appcmd.exe set config "Default Web Site" -section:system.webServer/asp /session.allowSessionState:"True" /commit:apphost
appcmd.exe set config "Default Web Site" -section:system.webServer/asp /session.max:"1000" /commit:apphost
appcmd.exe set config "Default Web Site" -section:system.webServer/asp /session.timeout:"00:10:00" /commit:apphost

Note

You must be sure to set the commit parameter to apphost when you use AppCmd.exe to configure these settings. This commits the configuration settings to the appropriate location section in the ApplicationHost.config file.

C#

using System;
using System.Text;
using Microsoft.Web.Administration;

internal static class Sample
{
   private static void Main()
   {
      using (ServerManager serverManager = new ServerManager())
      {
         Configuration config = serverManager.GetApplicationHostConfiguration();
         ConfigurationSection aspSection = config.GetSection("system.webServer/asp", "Default Web Site");

         ConfigurationElement sessionElement = aspSection.GetChildElement("session");
         sessionElement["allowSessionState"] = true;
         sessionElement["max"] = 1000;
         sessionElement["timeout"] = TimeSpan.Parse("00:10:00");

         serverManager.CommitChanges();
      }
   }
}

VB.NET

Imports System
Imports System.Text
Imports Microsoft.Web.Administration

Module Sample

   Sub Main()
      Dim serverManager As ServerManager = New ServerManager
      Dim config As Configuration = serverManager.GetApplicationHostConfiguration
      Dim aspSection As ConfigurationSection = config.GetSection("system.webServer/asp", "Default Web Site")

      Dim sessionElement As ConfigurationElement = aspSection.GetChildElement("session")
      sessionElement("allowSessionState") = True
      sessionElement("max") = 1000
      sessionElement("timeout") = TimeSpan.Parse("00:10:00")

      serverManager.CommitChanges()
   End Sub

End Module

JavaScript

var adminManager = new ActiveXObject('Microsoft.ApplicationHost.WritableAdminManager');
adminManager.CommitPath = "MACHINE/WEBROOT/APPHOST";
var aspSection = adminManager.GetAdminSection("system.webServer/asp", "MACHINE/WEBROOT/APPHOST/Default Web Site");

var sessionElement = aspSection.ChildElements.Item("session");
sessionElement.Properties.Item("allowSessionState").Value = true;
sessionElement.Properties.Item("max").Value = 1000;
sessionElement.Properties.Item("timeout").Value = "00:10:00";

adminManager.CommitChanges();

VBScript

Set adminManager = WScript.CreateObject("Microsoft.ApplicationHost.WritableAdminManager")
adminManager.CommitPath = "MACHINE/WEBROOT/APPHOST"
Set aspSection = adminManager.GetAdminSection("system.webServer/asp", "MACHINE/WEBROOT/APPHOST/Default Web Site")

Set sessionElement = aspSection.ChildElements.Item("session")
sessionElement.Properties.Item("allowSessionState").Value = True
sessionElement.Properties.Item("max").Value = 1000
sessionElement.Properties.Item("timeout").Value = "00:10:00"

adminManager.CommitChanges()