Exellent WORK!!

If I change session(my isp not supporting session variables) vars. Could I use cookies instead? I know it would be more insecure but if I did a en-/de- cryption so cookie contained no valid data to user, then it would be secure again!?

Now to the boosting things..
Pages may already be partially boosted but.. this is a reminder and you can use things here and test for yoursel if they work or not.

*Session is dragging servers down if many users. Cookies makes that load go to visitior of Forum instead.
* Option Explicit to make sure all vars is declared.
* I use EnableSessionState = False at every page I can.
* db connections, rsCommon.MaxRecords = 1 'This code optimize if you open only one record, put before rsCommon.Open strSQL, adoCon
can SQL database use this?
*db connections, 
* loops, use response write in all loops because scripting engine slows down as the string gets bigger.
* when using Response.Buffer = true put Response.Flush at end of page to send page as 1 packet insted of 10..
* Avoid using server variables whenever you can.
* Try to use client side validation instead of posting the page and checking server side.
*Use the with block command whenever possible. This is less code to write, and it will increase performance too.

That's all I have.. have a nice time

This is a confusing post (it looks like you are answering a question you aked yourself?  did someone remove the thread starter)

anyways, some thoughts on some stuff posted above

First off: Cookies are based on Session, as a result you cannot have cookies w/o session

It takes a lot, a ton, huge amounts of users wo have session variables drag down the servers as long as you aren't storing huge arrays, objects, what not into the session state (something that's a bad idea at any time).. if its some simple strings, you aren't going to drag anything down

"MaxRecords": the SQL statement presented to the database, whether Access or SQL Server, still looks up and passes back all the records asked for, write better SQL and MaxRecords becomes useless, in other words, if you want one record, have your SQL say "give me a single record"

"Server Variables": if you mean Request.ServerVariables, then your statement about them isn't going to boost performance, those values are there on every page request whether you use them or not

"Client validation instead of server".. baaaaad idea, a decent programmer should NEVER totally rely on client side validation as (1) the user can turn javascript off on their client, or (2) its super simple to "go around" the script and post directly to the page

There's only one major thing i see overlooked is: make sure to close ALL objects