Measuring sessions for Sitecore 6 sites

I recently had to do some performance and stress tests on a Sitecore 6 website. But no matter what I did, the Perfmon showed 0 sessions.
At first I blamed the built in session handling in Sitecore, where Sitecore persists the Shell users. But the solution was elsewhere.

In order to measure sessions you must add the Session_Start and Session_End functions to the global.asax:

<%@ Import namespace="Sitecore"%>
<%@ Import namespace="Sitecore.Diagnostics"%>
<%@ Application Language='C#'%>
<script runat="server">
  public void Application_Start() { }
  public void Application_End() { }
  public void Application_Error(object sender, EventArgs args) { }
  public void Session_Start(Object sender, EventArgs e) { } // Add this to your global.asax
  public void Session_End(Object Sender, EventArgs e) { }   // Add this to your global.asax
</script>

There is no need to fill anything into the functions. They just have to be there. After this I could measure the sessions with Perfmon.

UPDATE: This is actually not a Sitecore 6 issue but a general .NET issue. It is not even a bug but expected behaviour. .NET will not instantiate the session object if no one uses it. This is a pretty clever way of saving memory.
When adding the Session_Start() and Session_End() events in the global.asax, the auto event wireup will automatically force an instantiation of the session object, making the .NET process store session data.

How to allow sessions in framesets

As described in this MS article (http://support.microsoft.com/kb/323752) embedding web sites in framesets will disable the usage of session variables due to a security issue.
The real question is why you ever wish to embed a website in a frameset, why would you even use framesets. But let’s leave this question aside. I know you have good reasons for doing so.

Fortunately it is easy to allow sessions, but you have to do the change on the embedded website, not the embedding website.

On the embedded website, simply include the following in your Gobal.asax file:

protected void Application_BeginRequest(object sender, EventArgs e)
{
  HttpContext.Current.Response.AddHeader("p3p", "CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");
}

This header tells Internet Explorer that the website does not perform malicous actions with the data from the user. Internet Explorer detects this and allows the coockie from the embedded website to be written.
You can also implement a simpler policy. This should fullfill your needs for writing cookies for sessions:

P3P: CP=”CAO PSA OUR”