Session never stores on Cookies.Whenever we create an session a unique SessionID generates. By this sessionid server recognizes the request.By default the sessionid stores in Cookies but if cookies is disabled on browser or cookiesless session is configured in web.config then sessionid comes in URL using Query String.

If you want to disable the use of cookies in your ASP.NET application and still make use of session state, you can configure your application to store the session identifier in the URL instead of a cookie by setting the cookieless attribute of the sessionState configuration element to true, or to UseUri, in the Web.config file for your application. The following code example shows a Web.config file that configures session state to use cookieless session identifiers.

first of all session never stored at clinet side. only session id is been mentained which are in cookies and only when cookies are not disabled. If cookies are disabled at client side then we can shared sessionID through URL(query string).