HOWTO: Disabling Cookies Sent by Active Server Pages

ID: Q163010


The information in this article applies to:


SUMMARY

Active Server Pages (ASP) uses cookies to track SessionIDs. As a result, the browser is sent a cookie when a new session is created. Typically this occurs the first time a particular client requests an ASP page in your Web application. If Internet Explorer is configured to "Warn before accepting cookies," you will see a warning dialog box when this SessionID cookie is sent to the browser. This article explains how to prevent ASP from sending these cookies.

NOTE: Disabling SessionID cookies is not recommended because it seriously limits the functionality of Active Server Pages.


MORE INFORMATION

Active Server Pages provides a configurable registry setting that can be used to disable Session State. The following registry value controls Session State:


  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
   \W3SVC\ASP\Parameters\AllowSessionState 

If you set AllowSessionState to 0, ASP no longer sends SessionID cookies to the browser.

WARNING: Setting AllowSessionState to 0 disables the use of sessions in your Web application. This means that you will not be able to store or retrieve session variables. If your Web application uses session variables, as most do, your pages will no longer function properly. In addition, you will encounter scripting errors in the server-side scripts, which use session variables.


REFERENCES

For the latest Knowledge Base articles and other support information on Visual InterDev and Active Server Pages, see the following page on the Microsoft Technical Support site:

http://support.microsoft.com/support/vinterdev/

Additional query words:


Keywords          : kbsample kbASP kbASPObj kbVisID kbGrpASP 
Version           : winnt:
Platform          : winnt 
Issue type        : kbhowto 

Last Reviewed: May 27, 1999