Session Management & Cookies
Sessions store server-side data for each user (cart items, preferences, auth state). Django uses cookies to track sessions — a session ID cookie on the client maps to session data on the server. Understanding sessions is key to stateful web applications.
15 min • By Priygop Team • Updated 2026
Sessions & Cookies
- request.session — Dictionary-like session storage
- Session data stored server-side (database by default)
- Client only gets a session ID cookie (sessionid)
- request.session['key'] = value — Store data
- request.session.get('key', default) — Retrieve data
- del request.session['key'] — Delete data
- SESSION_COOKIE_AGE — Cookie lifetime (default: 2 weeks)
- request.session.flush() — Delete all session data
Session Usage
# Using sessions in views
from django.shortcuts import redirect, render

def add_to_cart(request, product_id):
    cart = request.session.get('cart', {})
    # Keys are strings because session data is serialized as JSON by default
    cart[str(product_id)] = cart.get(str(product_id), 0) + 1
    request.session['cart'] = cart  # Reassigning marks the session as modified
    return redirect('cart')

def view_cart(request):
    cart = request.session.get('cart', {})
    return render(request, 'shop/cart.html', {'cart': cart})

def clear_cart(request):
    if 'cart' in request.session:
        del request.session['cart']
    return redirect('cart')

# Session settings in settings.py
SESSION_ENGINE = 'django.contrib.sessions.backends.db'  # Default
SESSION_COOKIE_AGE = 1209600  # 2 weeks in seconds
SESSION_COOKIE_SECURE = True  # Only send over HTTPS
SESSION_COOKIE_HTTPONLY = True  # No JavaScript access
SESSION_EXPIRE_AT_BROWSER_CLOSE = False

# Session backends:
# 'django.contrib.sessions.backends.db'         # Database (default)
# 'django.contrib.sessions.backends.cache'      # Cache (Memcached/Redis)
# 'django.contrib.sessions.backends.cached_db'  # Cache + DB fallback
# 'django.contrib.sessions.backends.file'       # File system
Tip
Use SESSION_COOKIE_AGE to control session duration. Set SESSION_COOKIE_SECURE=True in production for HTTPS-only cookies.
Diagram: QuerySets are LAZY — no DB hit until evaluated.
Common Mistake
Using default session settings in production. Set SESSION_COOKIE_SECURE and SESSION_COOKIE_HTTPONLY for security.
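An added example (not part of the original lesson): a check of the Set-Cookie header a Django site returns, mapping each missing attribute back to the setting that controls it. The header strings are constructed samples, and the two-week Max-Age ceiling is an assumption taken from Django's default SESSION_COOKIE_AGE.

```python
from http.cookies import SimpleCookie

# Assumed ceiling: Django's default SESSION_COOKIE_AGE (2 weeks, in seconds).
MAX_AGE_LIMIT = 1209600

# Constructed sample headers (not captured from a real site).
# What Django's default settings emit: HttpOnly is on, Secure is not.
DEFAULT_HEADER = "sessionid=constructed0000example; HttpOnly; Max-Age=1209600; Path=/; SameSite=Lax"
HARDENED_HEADER = "sessionid=constructed0000example; HttpOnly; Max-Age=3600; Path=/; SameSite=Lax; Secure"


def audit_session_cookie(header, name="sessionid", max_age_limit=MAX_AGE_LIMIT):
    """Return findings for the session cookie in one Set-Cookie header value."""
    jar = SimpleCookie()
    jar.load(header)
    if name not in jar:
        return [f"no '{name}' cookie in header"]
    morsel = jar[name]
    max_age = morsel["max-age"]
    if max_age == "0":
        # Deletion cookie, as sent after request.session.flush(): nothing to protect.
        return []
    findings = []
    # Flag attributes parse to True when present and "" when absent.
    if not morsel["secure"]:
        findings.append("missing Secure: set SESSION_COOKIE_SECURE = True")
    if not morsel["httponly"]:
        findings.append("missing HttpOnly: set SESSION_COOKIE_HTTPONLY = True")
    # No Max-Age means a browser-session cookie (SESSION_EXPIRE_AT_BROWSER_CLOSE).
    if max_age and not (max_age.isdigit() and int(max_age) <= max_age_limit):
        findings.append(f"Max-Age {max_age!r} not within {max_age_limit}s: check SESSION_COOKIE_AGE")
    return findings


if __name__ == "__main__":
    for label, header in (("default", DEFAULT_HEADER), ("hardened", HARDENED_HEADER)):
        print(label, audit_session_cookie(header) or "ok")
```

Django's own `manage.py check --deploy` also reports SESSION_COOKIE_SECURE when it is not set to True.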
Practice Task
(1) Inspect session data in the admin. (2) Set session expiry time. (3) Clear sessions with the clearsessions command.
Key Takeaways
- Sessions store server-side data for each user (cart items, preferences, auth state).
- request.session — Dictionary-like session storage
- Session data stored server-side (database by default)
- Client only gets a session ID cookie (sessionid)