From Clearing expired sessions from the App Engine data store :
You need to configure the cleanup servlet provided by Google to run regularly. Note: the servlet clears up to 100 records. Be sure to determine how often you need it to call, and determine the interval that suits you.
In web.xml:
<web-app...> <servlet> <servlet-name>_ah_sessioncleanup</servlet-name> <servlet-class>com.google.apphosting.utils.servlet.SessionCleanupServlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>_ah_sessioncleanup</servlet-name> <url-pattern>/_ah/sessioncleanup</url;-pattern> </servlet-mapping> <security-constraint> <web-resource-collection> <web-resource-name>session-cleanup</web-resource-name> <url-pattern>/_ah/sessioncleanup</url-pattern> </web-resource-collection> <auth-constraint> <role-name>admin</role-name> </auth-constraint> </security-constraint> ... </web-app>
And in cron.xml:
<cronentries> <cron> <url>/_ah/sessioncleanup?clear</url> <description>Clean up sessions</description> <schedule>every 15 minutes</schedule> </cron> ... </cronentries>