Generating a new ASP.NET session in the current HTTPContext

Question

As a result of a penetration test against some of our products in the pipeline, what looked to be at the time an \'easy\' problem to fix is turning out to be a toughy.

Answer 1

Can you not just set:

in web.config, and then use the solution suggested by Ahmad?