Sessions were one of the great innovations of classic ASP. Sure they had their problems, but
they provided an easy way to store user specific data and gave us an easy way to overcome
the limitations of the stateless nature of the Web.
If you were willing to deal with the additional load that sessions could place on your web server,
the other main issue developers faced was handling clients that didn't accept cookies.
You see, in order to keep track of which client went with which session information, the server
would set a cookie on the client browser. Then when the browser requested the next page
it would send that cookie back. When the server received the cookie back, it would use
the value of that cookie to look up the user's session information. If the browser didn't
send back the cookie, then the web server couldn't find the user's session.
Luckily ASP.NET solved this problem by offering a new option. By simply
setting an option in your Web.config file you can tell ASP.NET to pass the
unique identifier in the querystring instead of via a cookie. Here's the option you
need to set in your Web.config:
ASP.NET automatically adds the portion between the parentheses and
uses it instead of a cookie to identify the user. This section of the URL
will be unique for each session so that each user's request to the same
page will result in a different URL. This way ASP.NET can keep track of
sessions without the browser needing to support cookies. After all,
every browser supports URLs!