Sessions are virtual environments provided by some web frameworks for each browser connection.  Changes to session data persists between individual requests made by the browser.  Typically the amount of session data can impact on the scalability of the otherwise stateless web model, so use of a session to persist information must be done with discretion.

Managing browser or user specific data

Zope provides built in cookie based session management with automatic expiry of session data after a period, normally 20 minutes.  It is important to note that the session is specific to the browser, and not specific to a person who might use the browser.

It is an extremely simple matter to retrieve the a session:

class MyView(grok.View):
    def update(self):
        sn = ISession(self.request)
        self.session = sn[MyAppIdentifier]

The session can be treated like a dict, and any information stored therein will be persisted for the length of the session.

User data

NB: Sessions identify a Browser Session, not a user.  Imagine many users using the same browser instance after one another (eg. at a library), but identifying themselves individually to a web application.

User data, as opposed to Session data, depends on an identity being associated with the user.  Such information may be easily persisted indefinitely in the ZoDB, or temporarily within a session.

A good strategy for this, is to associate user identities with a serial number, and then to maintain a "users" container with keys being the user serial number converted to text.