Maintaining session state is extremely common in web applications. In
general, sessions need to be loaded at the beginning of each request,
locked for the duration of the request, and saved at the end of the
request. These operations need to be fast. Ideally you can store any
type of data on the session. The session automatically dies after some
specified expiration time.
People with small sites that run on one box often just store sessions
in memory. To adhere to "shared nothing" and scale to multiple
machines, sometimes the session data is stored in a relational
database. We have developed a dedicated session daemon that meets
these needs quite well (
http://pypi.python.org/pypi/pear/0.8).
I don't think that the Data Store is a good place for sessions.
There's no easy way to lock an entity for the duration of a request.
You can't store arbitrary data types (heterogeneous lists,
dictionaries, etc.) in the Data Store, and there is no efficient
serialization module in the sandbox (cPickle, marshal, cjson, etc.),
which would allow fast serialization and storage in a BlobProperty.
There's no clean way to make entities expire and delete themselves
automatically.
I think one of the next tools to be built for App Engine is a session
API that accomplishes what pear does.
shoe