Use sessions where they are actually required for the application. Turn them off in pages that don't require access to them. Alternatively, use read-only session state where you don't need to update the values.
To disable session state maintenance for a page, use the following
Page directive:
<%@ Page EnableSessionState="false" %>
To disable session state maintenance for an entire application, change the setting in
web.config :
<sessionState mode="off" />
<pages enableSessionState="false" ... />
To specify read-only session state maintenance for a page, use the following
Page directive:
<%@ Page EnableSessionState="ReadOnly" %>
To specify read-only session state maintenance for an entire application, change the setting in
web.config :
<pages enableSessionState="ReadOnly" ... />
Wherever possible, use the default in-process session management. The out-of-process state service can produce a performance hit of 20 percent over the in-process session manager, and the remote SQL Server state management session adds around another 50 percent performance hit over out-of-process session state management – use it only for a web farm.