Knowledgebase: ASP .NET / ASP
ASP.NET Session State
Posted by Arvand Sabetian (Import) on 04 June 2010 03:05 AM

This article at Microsoft provides detailed analysis of different modes that can be used to store states:

In short, you can use "in-proc" for the simplest method which will store the sessions inside the memory of your application. However, app pools on our shared services (we offer a dedicated app pool for each website) are limited to a certain amount of memory outlined here:

To get around that limitation, we suggest using the "out-of-process" mode. To do this, the string will be changed to something like this in the web.config:



  <sessionState mode="StateServer" cookieless="false" timeout="20" /> 




After changing sessionState to StateServer, we recommend creating a key. Visit this URL: , use it to generate a key and insert it between the <sessionState> and </system.web> tags like so:


        <sessionState mode="StateServer" stateNetworkTimeout="600" />

<machineKey decryptionKey="1FB9CFB57F1B2E5E1F257BA,IsolateApps" validationKey="0AF99CB33B4E213F432C8CB6F5DF6907,IsolateApps" />


If switching to StateServer is giving you an error, the asp net service may need to be turned on at the server level. Please contact support. For further explanation on what the above tags mean, please refer to the Microsoft post at the start of this post. It is also possible your application does not support session state -- refer to the developer(s) of your script to confirm.

Forum posts that can help: -

(47 vote(s))
Not helpful

Comments (20)
28 September 2010 08:35 AM
The right syntax is: <sessionState mode="StateServer" cookieless="false" timeout="20" />
Alex Ford
17 October 2010 01:17 AM
So do I use comment or article? Which one do I paste?
18 October 2010 12:29 AM
You should be able to use Lex's fine.
02 November 2010 03:07 PM
Hi im just looking for a host that supports State server. So this mean you guys support state servers right?

Arvand Sabetian
04 November 2010 04:35 AM
Yes, that is correct Shaheem.
Justin McNulty
15 December 2010 11:03 PM
not working at all, shows error : 500 - Internal server error. Contact three help staffs , takes very long time and still cannot figure it out
Arvand Sabetian
11 March 2011 03:19 AM
500 errors generally mean a syntax error inside the web.config. Please make sure there are no typos and the tag is properly placed in the right location.
Meysam fathee
10 January 2011 02:50 PM
This is not working in my reseller plan.i try any thing code for session state in web.config file. :(
Arvand Sabetian
10 January 2011 09:26 PM
What error are you getting? Ask staff for support. At times, the service needs to be started for the first time if you are the first person using the session state service on that service.
Anthony Romano
05 February 2011 03:22 PM
Make sure you comment out the origional sessionstate command..... If it exsist in the web.comfig
25 February 2011 08:17 AM
Hi: The link above - does not work
Arvand Sabetian
11 March 2011 02:47 AM seems to work just fine. Please make sure to copy and paste it into your browser if its not working properly as a link.
Alex Ford
27 March 2011 09:25 AM
<sessionState mode="StateServer" cookieless="false" />
Alex Ford
27 March 2011 09:25 AM
The article leaves out putting sessionState tag within the System.Web tag, not within Configuration tag.
Alex Ford
27 February 2012 11:33 PM
Can anyone elaborate on why you have to include a machine key tag? What does it do? Why does the state server fail without it?
Michael Carr
12 May 2012 06:22 PM
The machine key authenticates the connection from your website to the database. It is how the SQL server knows that your connection has the authority to view, edit or delete data in your SQL database.
Pete Johnson
10 May 2012 05:12 AM
@Alex Ford the machine key tag is necessary because the machine key is what the server uses to encode / decode session state info from the client session. By default, a new machine key is generated every time the app starts up, thus session info is only reusable until the app pool shuts down or recycles. By using one machine key, session state info can be persisted through app pool cycles.
Jim Brower
24 May 2012 05:06 PM
I have an app that has this tag:

<sessionState mode="InProc" stateConnectionString="tcpip=" sqlConnectionString="data source=;Trusted_Connection=yes" cookieless="false" timeout="60" />

This results in frequent timeouts. The app's documentation says to change it to:

<sessionState mode="StateServer" stateConnectionString="tcpip=serverName:42424" sqlConnectionString="data source=serverName;Trusted_Connection=yes" cookieless="false" timeout="60" />

No matter what I substitute for serverName, I get a 500 server error. What serverName should I use?
jorge ferrer
01 June 2012 06:55 AM
I have a site at arvixe using authentication mode FORMS. Everytime the pool recycled, the login page appeared again. I changed to StateServer but nothing has changed. Have I forgotten anything?
Michael Carr
04 September 2012 12:19 PM
Using session state should correct that for you, but you need to implement it correctly. If you are still having issues with it please open a support ticket and we will take a look for you.
Post a new comment
Full Name:
CAPTCHA Verification 
Please enter the text you see in the image into the textbox below (we use this to prevent automated submissions).