Software developer can configure session state through web.config file for his current application (which is found in the same virtual directory as the .aspx web page files).  UseDeviceProfile is the one of possible modes for HttpCookieMode. When this mode is set ASP.NET chooses to use cookieless sessions by examining the BrowserCapabilities object. The drawback is that this object indicates what the device should support – it doesn’t take into account that the user may have disabled cookies in a browser that support them.

<?xml version=”1.0” encoding=”utf-8” ?>
<configuration>
     <system.web>
     <!— other settings are omitted. —>
        <sessionState
        cookieless=”UseDeviceProfile” cookieName=”ASP.NET_SessionID”
        regenerateExpiredSessionID=”false”
        timeout=”20”
        mode=”InProc”
        stateConnectionString=”tcpip=127.0.0.1:42424”
        stateNetworkTimeout=”10”
        sqlConnectionString=”data source=127.0.0.1;Integrated Security=SSPI”
        sqlCommandTimeout=”30” allowCustomSqlDatabase=”false”
        customProvider=””
     />
     </system.web>
</configuration>