Starting and Ending Sessions in ASP

A session can begin in one of the four following ways.

  • A new user requests a URL that identifies an .asp file in an application, and the Global.asa file for that application includes a Session_OnStart Event procedure.

  • A user stores a value in the Session object.

  • A new session automatically starts whenever the server receives a request that does not contain a valid SessionID cookie.

  • A user requests an .asp file in an application, and the application's Global.asa file uses the <OBJECT> tag to instantiate an object with session scope. See Using Components and Objects for more information about using the <OBJECT> tag to instantiate an object.

A session automatically ends if a user has not requested or refreshed a page in an application for a specified period of time. This value is 20 minutes by default. You can change the default for an application by setting the Session.Timeout property on the Application Options property sheet in the Internet Information Services snap-in. Set this value according to the requirements of your Web application and the memory capacity of your server. For example, if you expect that users browsing your Web application will linger on each page for only a few minutes, then you may want to significantly reduce the session timeout value from the default. A long session timeout period can result in too many open sessions, which can strain your server's memory resources.

If, for a specific session, you want to set a timeout interval that is shorter than the default application timeout, you can also set the Timeout property of the Session object. For example, the following script sets a timeout interval of 5 minutes.

<%  Session.Timeout = 5  %> 

You can also set the timeout interval to be greater than the default value, the value determined by the Session Timeout property.


Timeout only applies to sessions that have state. During a stateless session the Session object does not contain content or static objects. This type of session automatically ends after the request is processed and is recreated on the next request from the same browser.

Alternatively, to deliberately end a session you can use the Session.Abandon method of the Session object. For example, you can provide a Quit button on a form with the ACTION parameter set to the URL of an .asp file that contains the following command.

<% Session.Abandon %> 


A user's requests that are queued up for execution prior to initiating Session.Abandon will execute within the context of the session being abandoned. After Session.Abandon has completed execution, new incoming requests will not be associated with the session.