What options are there for session handling with a modern .NET IIS Web architecture?
I understand that IIS' native session support loses sessions upon restart. Furthermore, Microsoft recommends sessions be stored in the database, which is my preferred solution.
I am attempting to architect a highly available .NET IIS platform, which scales horizontally for a third party application. The application is developed externally and while I can push for storing in a database but that will not be possible for an immediate deadline.
The third party recommends using persistent sessions, which is something I avoid. Sticky sessions will lessen availability, as when the Web server becomes unavailable it will cause accessibility issues to the clients that were previously using it. Moreover, it lessens the load balancing functionality, as a single server may receive potentially more requests than the others. IIS will still lose sessions upon restart, which is something I would prefer to eliminate. I also do not want to store the session in a cookie on the client side.
I want to enable complete high availability, while still allowing application deployment to idle servers without impact. Additionally, full load balancing. Can I enable this functionality on this technology platform without rewriting the application? What options do I have?
ASP.net 2.0 and above supports storing session in SQL server simply by changing the SessionState provider in web.config and using aspnet_regsql.exe to setup the SQL database. You can read more about configuring the Session State Provider at the MSDN - Session State Providers page.
Update: A much easier read with step-by-step instructions is also available at the MSDN - Session State Modes page.
We talked about the modularity of the .NET Session State Providers at the Ohio Linux Fest and I mentioned that somebody could create a distributed in-memory cache for .NET Session State. A Customer asked me about it earlier today and I found this product that appears to do just that.