Applications that rely on per user session state can store session state in the following locations:
In the ASP.NET worker process
In an out-of-process state service, which can run on the Web server, or on a remote server
In a SQL Server data store
The relevant location, combined with connection details, is stored in the <sessionState> element in Machine.config. This is the default setting:
<sessionState mode="InProc" stateConnectionString="tcpip=127.0.0.1:42424" stateNetworkTimeout="10" sqlConnectionString="data source=127.0.0.1;Integrated Security=SSPI" cookieless="false" timeout="20"/>
If you do not use the ASP.NET state service on the Web server, use the MMC Services snap-in to disable it.