My question is regarding HTTP Sessions in a Java GAE app (link). In the default version of appengine-web.xml, sessions are disabled. This HTML comment is in every starting version of the XML file:
<!--
HTTP Sessions are disabled by default. To enable HTTP sessions specify:
<sessions-enabled>true</sessions-enabled>
It's possible to reduce request latency by configuring your application to
asynchronously write HTTP session data to the datastore:
<async-session-persistence enabled="true" />
With this feature enabled, there is a very small chance your app will see
stale session data. For details, see
http://code.google.com/appengine/docs/java/config/appconfig.html#Enabling_Sessions
-->
I obviously understand the benefit of setting <sessions-enabled> to true: we can take advantage of HTTP sessions in our servlets. However, this has made me wonder about why anyone would ever not want to enable sessions in the first place. What are the downsides of enabling sessions? What use cases exist for keeping them disabled?
I'm not sure if this question is relevant to the Python or Go runtimes of GAE; I only have knowledge of the Java runtime.
The downside of enabling sessions is higher operating costs. Many large, high-traffic Web sites keep no session data from anonymous users to save on infrastructure. As bandwidth, CPU and memory become cheaper, this is less and less important. Of course it depends on your budget, what your site does, and how much you want it to scale within your budget.
HTTP is a stateless protocol. That makes it easy to implement and very scalable, two reasons for its amazing success.
Relying too much on sessions makes a lot of Web apps needlessly complex and hard to scale.