By default ASP.NET uses cookies to identify which requests belong to a particular session. If cookies are not available, a session can be tracked by adding a session identifier to the URL. To disable cookies, set sessionState cookieless="true".
<sessionState mode="StateServer" cookieless="false" timeout="120"/>
Check out this:
Session TimeOut[
^]