FAST Google App Engine Sessions (and RPX integration)
The Google App Engine infrastructure provides many services, but sessions is not one of them. There are several Python-based session middlewares which already do this so I considered them first (spoiler: I ended up writing my own and it is orders of magnitudes faster than the alternatives: gae-sessions).
Beaker is a solid implementation, but it lacks support for memcache on app engine. This means every request must go to the datastore to fetch session data – yuck.
gaeutilities is designed for app engine and takes advantage of both memcache and the datastore. Unfortunately, the code is a bit heavyweight – it is coupled to unrelated functionality (e.g., “flash” messaging) and it is complicated by support for options I do not need (e.g., cookie-only sessions and automatic token rotation). Most significantly, its performance suffers from excess API calls and inefficient model storage.
Since I was unsatisfied with these options, I wrote my own sessions middleware, gae-sessions. It strives to be lightweight, fast (but reliable), secure, and easy to use. I ended up with a pretty small library (200 lines of code) which met these goals. It uses memcache (for speed) and the datastore (for reliability) but only reads and writes when it must. db.Model objects are efficiently stored by converting them to protobufs instead of using the automatic pickling functionality (which is slow since app engine lacks cPickle).
Consider gae-sessions if you need sessions support for a Python web application hosted on Google’s app engine. The project includes demo code which you can run without modification on the app engine development server. The demo shows gae-sessions working with an OpenID-based authentication system powered by RPX (check it out to see how easy it is to integrate with RPX).
Update: I’ve created an in-depth comparison page which compares both the features and performance of alternative sessions libraries (beaker, geautilities, gmemsess, and suas) with gae-sessions.
Hi David,
Looks pretty good! I’m going to attempt to use gae-sessions to implement a simple custom user system for my app. I’ll let you know how it goes.
Cheers,
Nevin
Very cool Nevin! I’ll look forward to hearing how it goes and what could be better too. Just let me know if you run into any snags.
Enjoy ~ David
Sweet, it’s up and running! I really like the dict interface. So far I’m running everything as-is, except for changing “dirty” to “session_has_changed,” for the sake of keeping my mind straight
I’ll check back in once the new functionality actually goes live (the site is riabiz.com). I expect I’ll be focusing mostly on the user accounts, but if I make any improvements (or changes rather) I’ll let you know.
Thanks for sharing!
Nevin
Hi David,
Your session offering is very timely for me – I searched for session support in GAE earlier in the month, and had been exploring gaeutilities, but it is too heavyweight for my purposes, and yours looks like a better fit for my use-case.
Small fix: your demo doesn’t work if one is running dev_appserver.py with a non-default port value. Changing the line
BASE_URL = ‘localhost’
to
BASE_URL = ‘localhost:’ + os.environ['SERVER_PORT']
makes life better.
I am new to session issues, and although the RPX stuff looks very promising, As a suggestion, I’d love to see a variant of the demo that does not use RPX. Some basic login form asking for username/password that takes a person to a landing page, and which maintains the identity of the person as they navigate thru a collection of pages linked off that landing. Any chance of that use-case making it into your demo?
Thanks for the code,
Wade
@Wade
Thanks for the patch – I’ve integrated it into the project so that the demo works regardless of what port the development server is running on (commit here).
I also added a second demo which shows gae-sessions using Google Accounts for authentication. It also demonstrates using sessions across a collection of pages – it is actually pretty much the same as using it on a single page
.
Good luck using it with your project – I’ll be happy to hear any other feedback you might have along the way too. Enjoy!
The latest release (v0.5) now includes “quick” methods for adding and deleting session data which only modify the memcached version of the session data and avoid a datastore put. This might be useful if you sometimes use the session to store short-lived information which isn’t critical enough to be persisted to the datastore. It also adds support for cleaning up expired sessions from the datastore.
Howzit David,
I’d like to use your gae-sessions. Is there an official support group? I have a few questions, stemming from the fact that I have decided on a specific development standard (how the code is structured, where files live, etc)
Basically, I have separated your library into different project sub-folders. Some questions may arise, I’m looking for the best place to ask!
@ehp
I’ve setup a google group – posting a message there is probably the best place to ask questions.
Very cool, been looking for an awesome session util for appengine. I’ve been using gaeutilities for tweetc.com but it is heavy. Looking forward to trying gae-sessions out!
@John Turner
Awesome, I don’t think you’ll be disappointed. It should be pretty easy to swap it in too – the two have very similar interfaces (but very different performance characteristics!).
Enjoy, and just let let me know when you find something that could be improved – I like suggestions
.