Bird
Raised Fist0
Djangoframework~30 mins

Session expiry behavior in Django - Mini Project: Build & Apply

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Session Expiry Behavior in Django
📖 Scenario: You are building a simple Django web application that requires users to log in. To improve security, you want to control how long a user's session lasts before they are automatically logged out.
🎯 Goal: Learn how to set up session expiry behavior in Django by configuring session timeout and applying it in your views.
📋 What You'll Learn
Create a Django view that sets a session variable
Configure a session expiry time in seconds
Implement logic to check session expiry
Ensure the session expires after the configured time
💡 Why This Matters
🌍 Real World
Web applications often need to manage user sessions securely to protect user data and control access.
💼 Career
Understanding session management is essential for backend developers working with Django or similar web frameworks.
Progress0 / 4 steps
1
Create a Django view that sets a session variable
Create a Django view function called set_session that takes request as a parameter and sets a session variable user_id with the value 42.
Django
Hint

Use request.session['user_id'] = 42 inside the view function.

2
Configure a session expiry time in seconds
Inside the set_session view, add a line to set the session expiry time to 300 seconds (5 minutes) using request.session.set_expiry(300).
Django
Hint

Use request.session.set_expiry(300) to set the session timeout.

3
Implement logic to check session expiry
Create a Django view function called check_session that takes request as a parameter. Inside it, check if 'user_id' exists in request.session. If it exists, return an HttpResponse with text 'Session active'. Otherwise, return 'Session expired'.
Django
Hint

Use if 'user_id' in request.session: to check session existence.

4
Complete the Django URL configuration
In your Django urls.py file, import the views set_session and check_session. Add two URL patterns: one for path 'set/' mapped to set_session, and one for path 'check/' mapped to check_session.
Django
Hint

Use path('set/', set_session) and path('check/', check_session) in urlpatterns.

Practice

(1/5)
1. What does the set_expiry() method do in Django sessions?
easy
A. It encrypts the session data.
B. It deletes the session immediately.
C. It sets how long a user's session will last before expiring.
D. It creates a new session key for the user.

Solution

  1. Step 1: Understand the purpose of set_expiry()

    This method controls the lifetime of a session by setting its expiration time.

  2. Step 2: Compare options with the method's function

    Only It sets how long a user's session will last before expiring. correctly describes that set_expiry() sets how long the session lasts before it expires.

  3. Final Answer:

    It sets how long a user's session will last before expiring. -> Option C

  4. Quick Check:

    Session expiry time = set_expiry() [OK]
Hint: Remember: set_expiry controls session lifetime [OK]
Common Mistakes:
  • Confusing set_expiry() with session deletion
  • Thinking it creates or encrypts sessions
  • Assuming it resets session data
2. Which of the following is the correct way to set a session to expire in 300 seconds in Django?
easy
A. request.session.expire(300)
B. request.session.set_expiry(300)
C. request.set_expiry(300)
D. session.set_expiry_time(300)

Solution

  1. Step 1: Identify the correct method and object

    The method set_expiry() is called on request.session to set expiry time.

  2. Step 2: Check syntax correctness

    request.session.set_expiry(300) uses the correct method and object: request.session.set_expiry(300). Other options use incorrect method names or objects.

  3. Final Answer:

    request.session.set_expiry(300) -> Option B

  4. Quick Check:

    Correct method call = request.session.set_expiry(300) [OK]
Hint: Call set_expiry on request.session, not request [OK]
Common Mistakes:
  • Calling set_expiry on request instead of request.session
  • Using wrong method names like expire or set_expiry_time
  • Missing parentheses or wrong argument
3. Given this code snippet, what will be the session expiry behavior? 
request.session.set_expiry(0)
medium
A. The session expiry will use the default global timeout.
B. The session will never expire.
C. The session will expire after 0 seconds immediately.
D. The session will expire when the browser is closed.

Solution

  1. Step 1: Understand what passing 0 to set_expiry means

    In Django, setting expiry to 0 means the session expires when the browser closes (a browser-length session).

  2. Step 2: Compare with other options

    The session will expire when the browser is closed. matches this behavior. The session will never expire. is false because 0 does not mean never expire. The session will expire after 0 seconds immediately. is incorrect because it does not expire immediately. The session expiry will use the default global timeout. is incorrect because default timeout is overridden.

  3. Final Answer:

    The session will expire when the browser is closed. -> Option D

  4. Quick Check:

    set_expiry(0) = expire on browser close [OK]
Hint: 0 means expire on browser close, not immediately [OK]
Common Mistakes:
  • Thinking 0 means no expiry
  • Assuming immediate expiry at 0 seconds
  • Confusing with default session timeout
4. What is wrong with this code snippet if the goal is to set the session to expire after 10 minutes? 
request.session.set_expiry = 600
medium
A. It assigns a value to the method instead of calling it.
B. The expiry time should be in milliseconds, not seconds.
C. The session object does not have set_expiry attribute.
D. The value 600 is too large and causes an error.

Solution

  1. Step 1: Analyze the code syntax

    The code assigns 600 to set_expiry instead of calling it as a method with parentheses.

  2. Step 2: Understand correct usage

    The correct usage is request.session.set_expiry(600) to call the method and set expiry time.

  3. Final Answer:

    It assigns a value to the method instead of calling it. -> Option A

  4. Quick Check:

    Use parentheses to call set_expiry() [OK]
Hint: Use parentheses to call set_expiry(), not assignment [OK]
Common Mistakes:
  • Assigning value instead of calling method
  • Confusing seconds with milliseconds
  • Believing 600 causes error due to size
5. You want a session to expire after 5 minutes but also want to keep the session alive if the user is active. Which approach correctly achieves this in Django?
hard
A. Set set_expiry(300) on every user request to reset expiry time.
B. Set set_expiry(300) once when the session is created only.
C. Set set_expiry(0) to expire on browser close and ignore activity.
D. Do not set expiry; rely on default session timeout.

Solution

  1. Step 1: Understand session expiry reset behavior

    Calling set_expiry(300) on every request resets the expiry countdown, keeping session alive if user is active.

  2. Step 2: Evaluate other options

    Set set_expiry(300) once when the session is created only. sets expiry once, so session expires after 5 minutes regardless of activity. Set set_expiry(0) to expire on browser close and ignore activity. expires on browser close, ignoring time. Do not set expiry; rely on default session timeout. uses default timeout, no control.

  3. Final Answer:

    Set set_expiry(300) on every user request to reset expiry time. -> Option A

  4. Quick Check:

    Reset expiry on each request = Set set_expiry(300) on every user request to reset expiry time. [OK]
Hint: Reset expiry timer on each request to keep session alive [OK]
Common Mistakes:
  • Setting expiry only once at session creation
  • Using 0 expiry which ignores time
  • Relying on default timeout without control