SOSS - Avoid 'Set-Cookie' header in response

I have implemented a WCF REST web service and I am using SSOS to manager distributed session.

My Web config contains this

    <sessionState mode="Custom" customProvider="SossStoreProvider" cookieless="UseCookies">             <providers>
            <add name="SossStoreProvider" type="Soss.Web.SossStoreProvider, soss_storeprovider, Version=, Culture=neutral, PublicKeyToken=a1ec0b86f746a476" />           </providers>
This returns ASP.NET session info "Set-Cookie" header. I need to stop returning session details to client side. Setting cookieless="true" didn't work and it gave errors. How to avoid sending "Set-Cookie" header in response.


The cookieless session state is a standard feature of the ASP.NET pipeline and it is not related to the type of session provider being used. ScaleOut ASP.NET session provider does not play any role with the way the session state is persisted by browser between user's web requests (whether via HTTP header's cookie or URL). The cookieless state works with any session provider and it is enabled by the cookieless attribute of the sessionState's element when it is set to "true" or "UseUri".

In the cookieless mode ASP.NET modifies page's URL and embeds the ASP.NET session's ID to it, here is the example of it:

As long as you are not modifying these auto-generated links, session state can be maintained via URLs. However, if you're re-writing these URLs, the session state instance will most likely be lost.