If a Web application does not make use of IIS sessions, Internet Information Services snap-in should be used to disable session state for the entire application, if possible. Sessions in IIS remain in memory, and the memory allocated to the sessions are not freed until the session has been terminated or timed-out. Thus, in a scenario where the application is serving many concurrent users, the server’s resources could become depleted, and performance could be affected.
Also, if only parts of the application require a session state, @ENABLESESSIONSTATE directive can be used to turn ON session tracking for a page. Its syntax is: