The web server assigns each user with a unique SessionID value. This SessionID variable is assigned to each user at the beginning of his session on the web server and is stored in memory on the web server.
The SessionID is stored on the client by writing a cookie containing the SessionID to the userâs machine. This cookie (aka. per session cookie in IE) is sent to the server each time the user makes a request. To identify the user, the server retrieves the cookie and matches it up with a SessionID held in memory.
As a result of this, if per session cookies are disabled on browser, session will not work. This means session tracking may be blocked on a browser.
Please have a look at the following discussion.
http://p2p.wrox.com/topic.asp?TOPIC_ID=15516