Bird
Raised Fist0
Djangoframework~5 mins

Session expiry behavior in Django - Cheat Sheet & Quick Revision

Choose your learning style10 modes available
LearnWhyDeepVisualTryChallengeProjectRecallPerf

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Recall & Review
beginner
What is session expiry in Django?
Session expiry in Django means the time when a user's session data is deleted or becomes invalid, requiring the user to log in again or start a new session.
Click to reveal answer
beginner
How can you set a session to expire when the user closes the browser in Django?
Set SESSION_EXPIRE_AT_BROWSER_CLOSE = True in Django settings. This makes the session expire as soon as the browser is closed.
Click to reveal answer
beginner
What does the setting SESSION_COOKIE_AGE control in Django?
SESSION_COOKIE_AGE controls how long (in seconds) a session cookie lasts before it expires. The default is 1209600 seconds (2 weeks).
Click to reveal answer
intermediate
How can you programmatically set a custom expiry time for a session in Django?
Use request.session.set_expiry(value) where value can be seconds (int), a datetime or timedelta object, or 0 to expire on browser close.
Click to reveal answer
beginner
What happens if you do not set any session expiry in Django?
If no expiry is set, Django uses the default SESSION_COOKIE_AGE (2 weeks) and the session will expire after that time unless the user logs out or clears cookies.
Click to reveal answer
Which Django setting makes the session expire when the browser closes?
ASESSION_COOKIE_AGE = 0
BSESSION_EXPIRE_AT_BROWSER_CLOSE = True
CSESSION_SAVE_EVERY_REQUEST = True
DSESSION_ENGINE = 'django.contrib.sessions.backends.cache'
What is the default duration of a Django session cookie if not changed?
AUntil browser closes
B1 day
C1 hour
D2 weeks
How do you set a session to expire after 5 minutes programmatically?
Arequest.session.set_expiry(300)
Brequest.session.set_expiry(True)
Crequest.session.set_expiry(0)
Drequest.session.set_expiry('5 minutes')
If SESSION_EXPIRE_AT_BROWSER_CLOSE is False and SESSION_COOKIE_AGE is 0, what happens?
ASession never expires
BSession expires at browser close
CSession expires immediately
DSession uses default expiry of 2 weeks
Which method is used to clear session data in Django?
Arequest.session.clear()
Brequest.session.delete()
Crequest.session.expire()
Drequest.session.remove()
Explain how Django handles session expiry by default and how you can customize it.
Think about settings and methods that control session lifetime.
You got /4 concepts.
    Describe how to make a Django session expire immediately when the user closes their browser.
    Focus on the setting that links session expiry to browser behavior.
    You got /3 concepts.

      Practice

      (1/5)
      1. What does the set_expiry() method do in Django sessions?
      easy
      A. It encrypts the session data.
      B. It deletes the session immediately.
      C. It sets how long a user's session will last before expiring.
      D. It creates a new session key for the user.

      Solution

      1. Step 1: Understand the purpose of set_expiry()

        This method controls the lifetime of a session by setting its expiration time.

      2. Step 2: Compare options with the method's function

        Only It sets how long a user's session will last before expiring. correctly describes that set_expiry() sets how long the session lasts before it expires.

      3. Final Answer:

        It sets how long a user's session will last before expiring. -> Option C

      4. Quick Check:

        Session expiry time = set_expiry() [OK]
      Hint: Remember: set_expiry controls session lifetime [OK]
      Common Mistakes:
      • Confusing set_expiry() with session deletion
      • Thinking it creates or encrypts sessions
      • Assuming it resets session data
      2. Which of the following is the correct way to set a session to expire in 300 seconds in Django?
      easy
      A. request.session.expire(300)
      B. request.session.set_expiry(300)
      C. request.set_expiry(300)
      D. session.set_expiry_time(300)

      Solution

      1. Step 1: Identify the correct method and object

        The method set_expiry() is called on request.session to set expiry time.

      2. Step 2: Check syntax correctness

        request.session.set_expiry(300) uses the correct method and object: request.session.set_expiry(300). Other options use incorrect method names or objects.

      3. Final Answer:

        request.session.set_expiry(300) -> Option B

      4. Quick Check:

        Correct method call = request.session.set_expiry(300) [OK]
      Hint: Call set_expiry on request.session, not request [OK]
      Common Mistakes:
      • Calling set_expiry on request instead of request.session
      • Using wrong method names like expire or set_expiry_time
      • Missing parentheses or wrong argument
      3. Given this code snippet, what will be the session expiry behavior? 
      request.session.set_expiry(0)
      medium
      A. The session expiry will use the default global timeout.
      B. The session will never expire.
      C. The session will expire after 0 seconds immediately.
      D. The session will expire when the browser is closed.

      Solution

      1. Step 1: Understand what passing 0 to set_expiry means

        In Django, setting expiry to 0 means the session expires when the browser closes (a browser-length session).

      2. Step 2: Compare with other options

        The session will expire when the browser is closed. matches this behavior. The session will never expire. is false because 0 does not mean never expire. The session will expire after 0 seconds immediately. is incorrect because it does not expire immediately. The session expiry will use the default global timeout. is incorrect because default timeout is overridden.

      3. Final Answer:

        The session will expire when the browser is closed. -> Option D

      4. Quick Check:

        set_expiry(0) = expire on browser close [OK]
      Hint: 0 means expire on browser close, not immediately [OK]
      Common Mistakes:
      • Thinking 0 means no expiry
      • Assuming immediate expiry at 0 seconds
      • Confusing with default session timeout
      4. What is wrong with this code snippet if the goal is to set the session to expire after 10 minutes? 
      request.session.set_expiry = 600
      medium
      A. It assigns a value to the method instead of calling it.
      B. The expiry time should be in milliseconds, not seconds.
      C. The session object does not have set_expiry attribute.
      D. The value 600 is too large and causes an error.

      Solution

      1. Step 1: Analyze the code syntax

        The code assigns 600 to set_expiry instead of calling it as a method with parentheses.

      2. Step 2: Understand correct usage

        The correct usage is request.session.set_expiry(600) to call the method and set expiry time.

      3. Final Answer:

        It assigns a value to the method instead of calling it. -> Option A

      4. Quick Check:

        Use parentheses to call set_expiry() [OK]
      Hint: Use parentheses to call set_expiry(), not assignment [OK]
      Common Mistakes:
      • Assigning value instead of calling method
      • Confusing seconds with milliseconds
      • Believing 600 causes error due to size
      5. You want a session to expire after 5 minutes but also want to keep the session alive if the user is active. Which approach correctly achieves this in Django?
      hard
      A. Set set_expiry(300) on every user request to reset expiry time.
      B. Set set_expiry(300) once when the session is created only.
      C. Set set_expiry(0) to expire on browser close and ignore activity.
      D. Do not set expiry; rely on default session timeout.

      Solution

      1. Step 1: Understand session expiry reset behavior

        Calling set_expiry(300) on every request resets the expiry countdown, keeping session alive if user is active.

      2. Step 2: Evaluate other options

        Set set_expiry(300) once when the session is created only. sets expiry once, so session expires after 5 minutes regardless of activity. Set set_expiry(0) to expire on browser close and ignore activity. expires on browser close, ignoring time. Do not set expiry; rely on default session timeout. uses default timeout, no control.

      3. Final Answer:

        Set set_expiry(300) on every user request to reset expiry time. -> Option A

      4. Quick Check:

        Reset expiry on each request = Set set_expiry(300) on every user request to reset expiry time. [OK]
      Hint: Reset expiry timer on each request to keep session alive [OK]
      Common Mistakes:
      • Setting expiry only once at session creation
      • Using 0 expiry which ignores time
      • Relying on default timeout without control