Good question. By default, gae-sessions will try to store a user's
session within secure cookies - this makes the sesssion retrieval far
faster as the client sends their session data along with each request,
rather than us having to go to memcache (or worse, the datastore) to
get the session information. Unfortunately, if the session is only
stored in a cookie, then you can't load the session by SID since
cookies are stored solely with the client.
However, you can workaround this problem without losing the
substantial benefit of cookie-only sessions. Before you send the SID
to your Adobe Air app, you just need to force the session to be
persisted to the datastore/memcache so that your Adobe Air application
can retrieve the session data by SID. To do this, you need to mark
the session as "dirty" (otherwise save() won't do anything) - you can
do this by simply setting session.dirty = True. Next, you need to
force the session to be persisted server-side this once - you can do
this by calling session.save(persist_even_if_using_cookie=True).
Now, when your adobe air will be able to retrieve the session data
with just the SID.
All the best,
~ David