How asp.net or IIS recognise particular session during round trips
Mayur Gujrathi
Dy default sessions use cookies but difference is that it is encrypted and safe to travel