Hi Carl,

SQLServer -> Indicates that session state is stored on the SQL Server.

You need to do the following to use SQLServer mode

(1) Run InstallSqlState.sql (installed by default in :\systemroot\Microsoft.NET\Framework\version) on the computer running SQL Server that will store the session state. This creates a database called ASPState with new stored procedures and ASPStateTempApplications and ASPStateTempSessions tables in the TempDB database

(2)In the application's Web.config file, set mode=SQLServer and set the sqlConnectionString attribute. For example, sqlConnectionString="data source=localhost;Integrated Security=SSPI;Initial Catalog=northwind".

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpgenref/html/gngrfsessionstatesection.asp

ALSO CHECK THIS SETTING IS SQL:
If you are going to use Windows Authentication, then the SQL Server needs to
know about the IUSER account, which it doesn't by default since that is a
local account on the web server.

As a general rule of thumb you should create a seprate account to run the
web app the has rights to the app and the sql server and is locked out of
everything else. If you give IUSR or IWAM access then every request from any
site that you have will have access to the data in your SQL Server, not just
the one application.


HTH.

Alvin