Django provides a session framework that supports anonymous and user sessions. Session data is stored on the server side, and cookies contain the session ID unless you use the cookie-based session engine. The session middleware manages the sending and receiving of cookies. The default session engine stores session data in the database, but you can choose other session engines. To use sessions, you have to make sure that the MIDDLEWARE setting of your project contains 'django.contrib.sessions.middleware.SessionMiddleware'. This middleware manages sessions. It's added by default to the MIDDLEWARE setting when you create a new project using the startproject command. The session middleware makes the current session available in the request object. You can access the current session using request.session, treating it like a Python dictionary to store and retrieve session data. The session dictionary accepts any Python object by default that can be serialized to JSON.
You can set a variable in the session like this: request.session['foo'] = 'bar'
Retrieve a session key as follows: request.session.get('foo')
Delete a key you previously stored in the session as follows: del request.session['foo']
Django offers the following options for storing session data:
• Database sessions: Session data is stored in the database. This is the default session engine.
• File-based sessions: Session data is stored in the filesystem.
• Cached sessions: Session data is stored in a cache backend. You can specify cache backends using the CACHES setting. Storing session data in a cache system provides the best performance.
• Cached database sessions: Session data is stored in a write-through cache and database. Reads only use the database if the data is not already in the cache.
• Cookie-based sessions: Session data is stored in the cookies that are sent to the browser.
You can customize sessions with specific settings. Here are some of the important session-related settings:
• SESSION_COOKIE_AGE: The duration of session cookies in seconds. The default value is 1209600 (two weeks).
• SESSION_COOKIE_DOMAIN: The domain used for session cookies. Set this to example.com to enable cross-domain cookies or use None for a standard domain cookie.
• SESSION_COOKIE_SECURE: A Boolean indicating that the cookie should only be sent if the connection is an HTTPS connection.
• SESSION_EXPIRE_AT_BROWSER_CLOSE: A Boolean indicating that the session has to expire when the browser is closed.
• SESSION_SAVE_EVERY_REQUEST: A Boolean that, if True, will save the session to the database on every request. The session expiration is also updated each time it's saved.
For better performance use a cache-based session engine. Django supports Memcached out of the box and you can find third-party cache backends for Redis and other cache systems.
