The fact that ASP.NET maintains a user’s session state for us is a great thing. It allows us to program applications for the Web and rarely give a second thought to the fact that we don’t actually maintain a connection to our users. That being said, session state does come at a cost and disabling it when you’re not using it is a standard tip for improving application performance. But what if you are using it?
There’s a little known option that can serve as a happy medium. Instead of setting your page’s EnableSessionState attribute to “True” or “False”, you can set it to “ReadOnly” instead. The resulting page directive should look something like this:
This only works on pages that need access to a user’s session state information, but do not modify it. If you take a close look at your application, you’ll probably find that the majority of the pages that use session state fall into this category.
Using this setting won’t give you the same performance benefit you’d get by disabling session state altogether, but then again you don’t have to give up using sessions in order to use it.