Configure Use Cookies Mode for Session State (IIS 7)

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

A session cookie associates session information with client information for the session, which is the duration of a user's connection to a site. The cookie is passed together with all requests between a client and a Web server in an HTTP header.

It is more efficient to use cookies to track session state than it is to use any other methods that do not use cookies, because cookies do not require any redirection. In addition, they allow users to bookmark Web pages, and they retain state if a user leaves one site to visit another and then returns to the original site. However, cookies have the following drawbacks:

  • Not all browsers support cookies.

  • Users can disable cookies.


For information about the levels at which you can perform this procedure, and the modules, handlers, and permissions that are required to perform this procedure, see Session State Feature Requirements (IIS 7).

Exceptions to feature requirements

  • None

To configure Use Cookies mode for session state

You can perform this procedure by using the user interface (UI), by running Appcmd.exe commands in a command-line window, by editing configuration files directly, or by writing WMI scripts.

User Interface

To Use the UI

  1. Open IIS Manager and navigate to the level you want to manage. For information about opening IIS Manager, see Open IIS Manager (IIS 7). For information about navigating to locations in the UI, see Navigation in IIS Manager (IIS 7).

  2. In Features View, double-click Session State.

  3. On the Session State page, in the Cookie Settings area, select Use Cookies from the Mode drop-down list.

  4. Type a cookie name in the Name text box, or use the default cookie name, ASP.NET_SessionId.

  5. Type a time-out value in the Time-out text box, or use 20 minutes, the default time-out value.

  6. Click Apply in the Actions pane.


To configure use cookies mode for session state, use the following syntax:

**appcmd set config /commit:WEBROOT /section:sessionState /cookieless:UseCookies /cookieName:**string **/timeout:**timeSpan

The variable cookieless:UseCookies configures IISĀ 7 to use cookies mode for session state. This is the default value. The variable string is the name of the cookie. The default value is ASP.NET_SessionId. The variable timeSpan sets the time, in minutes, after which the cookie will time out. The default is 20 minutes. For example, to set a use cookie mode cookie for session state (called MyCookie and that expires after 40 minutes), type the following at the command prompt, and then press Enter:

appcmd set config /commit:WEBROOT /section:sessionState /cookieless:UseCookies /cookieName:MyCookie/timeout:40


When you use Appcmd.exe to configure the <sessionState> element at the global level in IIS 7, you must specify /commit:WEBROOT in the command so that configuration changes are made to the root Web.config file instead of ApplicationHost.config.

For more information about Appcmd.exe, see Appcmd.exe (IIS 7).


The procedure in this topic affects the following configuration elements:

  • <sessionState>

  • <sessionPageState>

For more information about IISĀ 7 configuration, see IIS 7.0: IIS Settings Schema on MSDN.


Use the following WMI classes, methods, or properties to perform this procedure:

  • SessionStateSection.Cookieless property "UseCookies" flag

For more information about WMI and IIS, see Windows Management Instrumentation (WMI) in IIS 7. For more information about the classes, methods, or properties associated with this procedure, see the IIS WMI Provider Reference on the MSDN site.

See Also


Configuring the Cookie Mode for Session State (IIS 7)
Configuring Session State in IIS 7