If you want to disable the use of cookies in your ASP.NET application and still make use of session state, you can configure your application to store the session identifier in the URL instead of a cookie by setting the cookieless attribute of the sessionState configuration element to true, or to UseUri, in the Web.config file for your application.
The following code example shows a Web.config file that configures session state to use cookieless session identifiers.
<configuration>
<system.web>
<sessionState
cookieless="true"
regenerateExpiredSessionId="true"
timeout="30" />
</system.web>
</configuration>
