SharePoint 2010 uses two services related to session state that have similar names but are separate and have different purposes.

1. ASP.NET session state may be used on SharePoint 2010 pages. This service is automatically disabled in normal installations of SharePoint 2010; it may be enabled using the instructions below. Once enabled, it appears on the Service Applications page as “SharePoint Server ASP.NET Session State Service.”
2. The State Service service application is designed for and only available to Office internal components such as InfoPath Forms Services and Visio Services. This service is automatically enabled in typical installations of SharePoint 2010 and is not related to ASP.NET session state. It appears on the Service Applications page as “State Service.”

To enable ASP.NET session state:

1. Enter the following PowerShell command in the SharePoint 2010 Management Shell window:

   Enable-SPSessionStateService –DefaultProvision

2. On each web application for which you want to use session state, edit the web.config file and set the enableSessionState property of the pages element as follows:

   <pages enableSessionState="true"

Guidelines for using SharePoint Server ASP.NET Session State:

1. This session state may be used by custom code in web parts and other page-hosted controls.
2. Session state information is stored in a configurable SQL database; this implies the following:
   1. Load-balancer affinity is not required.
   2. Heavy use of session state must be included in database/capacity planning. By default, the session state database is created on the same database server hosting the SharePoint 2010 farm configuration database. This can be changed to place it on another server; this can be done at a later date if necessary. To move it to another SQL server, it should first be disabled, then enabled again with different configuration that points to the other server.
3. When enabled, Session state is available to the whole 2010 farm. Each web application can choose to enable it for use on ASP.NET pages (enableSessionState="true").
4. Session state is partitioned using the root URL. This means that different web applications will have different session state objects; a web part can only access the session state object available to it. If host header site collections are used, then different session objects will be used for each site collection (the browser will have multiple session ids in different cookies).

Additional information about enabling session state:

Additional parameters are not discussed here; use Get-Help Enable-SPSessionStateService –full for more information.

The Enable-SPSessionStateService cmdlet creates a session state database, installs the ASP.NET session state schema, and updates the Web.config files on the farm to turn on the session state service.

If the DefaultProvision form of the command is used, all default settings are used. These are:

• DatabaseName = “SessionStateService_<GUID>”
• DatabaseServer = the same database server as the SharePoint 2010 configuration database
• DatabaseCredentials = Integrated Windows Authentication

If the DatabaseName form of the command is used, then these parameters may be set explicitly. If some of the parameters are not included, they default as above. To set specific credentials for accessing the session state database, note that this allows you to specify a SQL Authentication credential only, not a Windows credential. Then, use the Get-Credential command to create a PSCredential object from a username and password, then use that object as the argument of the DatabaseCredentials parameter.

After this service is enabled, “SharePoint Server ASP.NET Session State Service” will appear on the Service Applications management page.