You can configure your application to store Session IDs not in a cookie, but in the URLs of pages in your site. By keeping the Session ID in the URL, ASP.NET stores the ID in the browser, in a manner of speaking, and can get it back when the user requests another page. Cookieless sessions can get around the problem of a browser that refuses cookies and allow you to work with Session state.

However, under some limited circumstances, if the user shares the URL with someone else perhaps o email the URL to a colleague while the user's session is still active then both users might nd up sharing the same session, with unpredictable results.