Manage sessions individually in IIS4
If you're an experienced developer, you're probably using Session object to store information that you need for a particular user-session. As you know, variables that are stored in the Session object are not discarded when the user jumps between pages in the application; instead, these variables persist for the entire user-session. The Web server automatically creates a Session object when a user (who does not already have a session) requests a Web page from the application. The server destroys the Session object when the session expires or is abandoned.
To avoid this, you can turn off the Session feature; however, you can't turn off the Session feature on a per application basis in IIS 3.0. Turning it off for the entire server is faster but drops a lot of functionality. Instead, be very careful to use the Session object only when you really need to. If you use the Session object at all in your application, be sure to use it as soon as possible, so you can avoid the Session object from being reset. The best solution is to use IIS 4.0, since you can enable the session state on a per-application basis and it can be disabled for specified .asp files.