原文地址：http://www.c-sharpcorner.com/UploadFile/deepak.sharma00/using-cookie-less-session-in-Asp-Net/

How to Cookie-less Session

By default a session uses a cookie in the background. To enable a cookie-less session, we need to change some configuration in the Web.Config file. Follow these steps:

1. Open Web.Config file
2. Add a <sessionState> tag under <system.web> tag
3. Add an attribute "cookieless" in the <sessionState> tag and set its value to "AutoDetect" like below:

   <sessionState cookieless="AutoDetect" regenerateExpiredSessionId="true"/>

The possible values for "cookieless" attribute are:

• AutoDetect : Session uses background cookie if cookies are enabled. If cookies are disabled, then the URL is used to store session information.
• UseCookie: Session always use background cookie. This is default.
• UseDeviceProfile: Session uses background cookie if browser supports cookies else URL is used.
• UseUri: Session always use URL.

"regenerateExpiredSessionId" is used to ensure that if a cookieless url is expired a new new url is created with a new session. And if the same cookieless url is being used by multiple users an the same time, they all get a new regenerated session url.

We have configured our "Web.config" file to enable cookieless session. Now, its time to test it.