I know it's a simple question, but I can't seem to drag it out of Google noise. I know .NET can use a session state service or a SQL database to back its session state, but I don't know if ASP offers any out-of-process options for storing it. Does it have any, or am I stuck with losing session variables on ASP applications when a load-balanced server is taken offline?
There's nothing else built in, though in ASP Classic it's pretty easy to build your own session management system. Simplest form being a table in a db like the following:
SessionID int PK, Fields text, Values text, Expires DateTime
Come up with some kind of CSV encoder/decoder for the fields and values and populate a collection on every page. Then save it once the page executes and update the expiration time. Then just have a cookie keep track of the session ID or pass it around in the querystring.
Yes, only in memory
From MSDN Full Article
ASP Implementation
The native ASP session can only store session data in memory. In order to store the session data to SQL Server, a custom Microsoft® Visual Basic® 6.0 COM object is written to manage the session state instead of using the native session object. This COM object will be instantiated in the beginning of each Web request and reload the session data from SQL Server. When the ASP script is finished, this object will be terminated and the session state will be persisted back to SQL Server.
The primary purpose of the Visual Basic 6 COM Session object is to provide access to the Microsoft® Internet Information Server intrinsic objects. The Visual Basic 6.0 COM Session object uses the mySession class of SessionUtility assembly to hold the session state, and the SessionPersistence class of SessionUtility to load and save session data with SQL Server. The mySession and SessionPersistence classes are exposed as COM objects using the regasm.exe utility. The regasm.exe utility can register and create a type library for the COM client to consume Framework classes.
The session state information is reloaded during the construction of the object. The constructor (class_initialize) will first retrieve the session cookie, session timeout (SessionTimeOut), and database connection string (SessionDSN) from the Application object, and create an instance of the class mySession to hold the session data. Then the constructor will try to reload the session data from SQL Server with the given cookie. If the SQL Server does not have the session information, or the session has been expired, a new cookie will be issued. If the SQL Sever does return with the session state data, the session state will be stored in the mySession object.