Session expiry behavior in Django - Step-by-Step Execution

Concept Flow - Session expiry behavior
User logs in
→ Session created with expiry time
→ User makes requests
→ Check if session expired?
   No → Continue session
   Yes → Session expired → User redirected to login
This flow shows how Django creates a session with an expiry time, checks it on each request, and expires it when time runs out.
Execution Sample
Django
from django.contrib.auth import logout

# User logs in
request.session.set_expiry(300)  # 5 minutes expiry

# On each request
if request.session.get_expiry_age() <= 0:
    # Session expired
    logout(request)
This code sets a session expiry of 5 minutes and checks on each request if the session has expired to log out the user.
Execution Table
| Step | Action | Session Expiry Time (seconds) | Time Passed (seconds) | Session Valid? | Result |
|---|---|---|---|---|---|
| 1 | User logs in, session created | 300 | 0 | Yes | Session active |
| 2 | User makes request after 100s | 300 | 100 | Yes | Session active |
| 3 | User makes request after 299s | 300 | 299 | Yes | Session active |
| 4 | User makes request after 301s | 300 | 301 | No | Session expired, user logged out |
| 5 | User tries request after expiry | 300 | 350 | No | Redirect to login |
💡 Session expires when time passed exceeds expiry time (301 > 300 seconds)
Variable Tracker
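| Variable | Start | After Step 1 | After Step 2 | After Step 3 | After Step 4 | After Step 5 |
|---|---|---|---|---|---|---|
| session_expiry_time | None | 300 | 300 | 300 | 300 | 300 |
| time_passed | 0 | 0 | 100 | 299 | 301 | 350 |
| session_valid | False | True | True | True | False | False |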
Key Moments - 2 Insights
Why does the session become invalid after 301 seconds but not at 299 seconds?
Because the session expiry time is set to 300 seconds. At 299 seconds, time passed is less than expiry, so session is valid. At 301 seconds, time passed exceeds expiry, so session is invalid (see execution_table rows 3 and 4).
What happens if the user tries to make a request after the session expired?
The session is no longer valid, so Django logs out the user and redirects to login (see execution_table row 5).
Visual Quiz - 3 Questions
Test your understanding
Look at the execution table, what is the session_valid value at step 3?
A. True
B. False
C. None
D. Error
💡 Hint
Check the 'Session Valid?' column at step 3 in the execution_table.
At which step does the session expire according to the execution table?
A. Step 2
B. Step 3
C. Step 4
D. Step 5
💡 Hint
Look for the first step where 'Session Valid?' is 'No' in the execution_table.
If the session expiry time was set to 600 seconds, how would the session_valid value change at step 4?
A. It would be False
B. It would be True
C. It would be None
D. It would cause an error
💡 Hint
Compare the time passed (301s) with the new expiry time (600s) in variable_tracker.
Concept Snapshot
Django sessions store user data with an expiry time.
Set expiry with request.session.set_expiry(seconds).
On each request, check expiry with get_expiry_age().
If expired, session is invalid and user is logged out.
Expired sessions redirect users to login.
This keeps user data secure and session fresh.
Full Transcript
In Django, when a user logs in, a session is created with a set expiry time, for example 300 seconds (5 minutes). Each time the user makes a request, Django checks if the session has expired by comparing the time passed since creation with the expiry time. If the time passed is less than the expiry, the session remains valid and the user continues. If the time passed exceeds the expiry, the session is invalidated, the user is logged out, and redirected to the login page. This process ensures sessions do not last forever and helps keep user data secure.

Practice

1. What does the set_expiry() method do in Django sessions?
easy
A. It encrypts the session data.
B. It deletes the session immediately.
C. It sets how long a user's session will last before expiring.
D. It creates a new session key for the user.

Solution

  1. Step 1: Understand the purpose of set_expiry()

    This method controls the lifetime of a session by setting its expiration time.
  2. Step 2: Compare options with the method's function

    Only option C, "It sets how long a user's session will last before expiring.", correctly describes that set_expiry() sets how long the session lasts before it expires.
  3. Final Answer:

    It sets how long a user's session will last before expiring. -> Option C
  4. Quick Check:

    Session expiry time = set_expiry() [OK]
Hint: Remember: set_expiry controls session lifetime [OK]
Common Mistakes:
  • Confusing set_expiry() with session deletion
  • Thinking it creates or encrypts sessions
  • Assuming it resets session data
2. Which of the following is the correct way to set a session to expire in 300 seconds in Django?
easy
A. request.session.expire(300)
B. request.session.set_expiry(300)
C. request.set_expiry(300)
D. session.set_expiry_time(300)

Solution

  1. Step 1: Identify the correct method and object

    The method set_expiry() is called on request.session to set expiry time.
  2. Step 2: Check syntax correctness

    request.session.set_expiry(300) uses the correct method on the correct object. The other options use incorrect method names or objects.
  3. Final Answer:

    request.session.set_expiry(300) -> Option B
  4. Quick Check:

    Correct method call = request.session.set_expiry(300) [OK]
Hint: Call set_expiry on request.session, not request [OK]
Common Mistakes:
  • Calling set_expiry on request instead of request.session
  • Using wrong method names like expire or set_expiry_time
  • Missing parentheses or wrong argument
3. Given this code snippet, what will be the session expiry behavior?
request.session.set_expiry(0)
medium
A. The session expiry will use the default global timeout.
B. The session will never expire.
C. The session will expire after 0 seconds immediately.
D. The session will expire when the browser is closed.

Solution

  1. Step 1: Understand what passing 0 to set_expiry means

    In Django, setting expiry to 0 means the session expires when the browser closes (a browser-length session).
  2. Step 2: Compare with other options

    "The session will expire when the browser is closed." matches this behavior. "The session will never expire." is false because 0 does not mean never expire. "The session will expire after 0 seconds immediately." is incorrect because the session does not expire immediately. "The session expiry will use the default global timeout." is incorrect because the default timeout is overridden.
  3. Final Answer:

    The session will expire when the browser is closed. -> Option D
  4. Quick Check:

    set_expiry(0) = expire on browser close [OK]
Hint: 0 means expire on browser close, not immediately [OK]
Common Mistakes:
  • Thinking 0 means no expiry
  • Assuming immediate expiry at 0 seconds
  • Confusing with default session timeout
4. What is wrong with this code snippet if the goal is to set the session to expire after 10 minutes?
request.session.set_expiry = 600
medium
A. It assigns a value to the method instead of calling it.
B. The expiry time should be in milliseconds, not seconds.
C. The session object does not have set_expiry attribute.
D. The value 600 is too large and causes an error.

Solution

  1. Step 1: Analyze the code syntax

    The code assigns 600 to set_expiry instead of calling it as a method with parentheses.
  2. Step 2: Understand correct usage

    The correct usage is request.session.set_expiry(600) to call the method and set expiry time.
  3. Final Answer:

    It assigns a value to the method instead of calling it. -> Option A
  4. Quick Check:

    Use parentheses to call set_expiry() [OK]
Hint: Use parentheses to call set_expiry(), not assignment [OK]
Common Mistakes:
  • Assigning value instead of calling method
  • Confusing seconds with milliseconds
  • Believing 600 causes error due to size
5. You want a session to expire after 5 minutes but also want to keep the session alive if the user is active. Which approach correctly achieves this in Django?
hard
A. Set set_expiry(300) on every user request to reset expiry time.
B. Set set_expiry(300) once when the session is created only.
C. Set set_expiry(0) to expire on browser close and ignore activity.
D. Do not set expiry; rely on default session timeout.

Solution

  1. Step 1: Understand session expiry reset behavior

    Calling set_expiry(300) on every request resets the expiry countdown, keeping session alive if user is active.
  2. Step 2: Evaluate other options

    "Set set_expiry(300) once when the session is created only." sets the expiry once, so the session expires after 5 minutes regardless of activity. "Set set_expiry(0) to expire on browser close and ignore activity." expires on browser close, ignoring time. "Do not set expiry; rely on default session timeout." uses the default timeout, with no control.
  3. Final Answer:

    Set set_expiry(300) on every user request to reset expiry time. -> Option A
  4. Quick Check:

    Reset expiry on each request = Set set_expiry(300) on every user request to reset expiry time. [OK]
Hint: Reset expiry timer on each request to keep session alive [OK]
Common Mistakes:
  • Setting expiry only once at session creation
  • Using 0 expiry which ignores time
  • Relying on default timeout without control
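
The difference between the execution table (expiry set once at login) and question 5 (expiry reset on every request), replayed as an added example that is not code from the original page or from Django. It is a stdlib-only model built on the assumption that the stored expiry is re-stamped only when the session is saved; `StoredSession`, `replay` and the `absolute_cap` hard limit are hypothetical names, and the cap is an extra hardening option the page does not cover.

```python
# Stdlib-only model, not Django code. Assumption modelled: the stored session
# gets expire_date = now + expiry each time it is SAVED (i.e. modified), and
# it is only loaded while expire_date > now. All names here are hypothetical.

class StoredSession:
    def __init__(self, now, expiry):
        self.created = now
        self.expiry = expiry
        self.expire_date = now + expiry   # stamped by the save at login
        self.ended = False

    def is_valid(self, now):
        return not self.ended and self.expire_date > now

    def save(self, now):
        # Calling set_expiry() again modifies the session, which triggers a save.
        self.expire_date = now + self.expiry


def replay(request_times, expiry=300, refresh_each_request=False, absolute_cap=None):
    """Return [(seconds_after_login, session_valid)] for each request."""
    session = StoredSession(now=0, expiry=expiry)
    results = []
    for t in request_times:
        valid = session.is_valid(t)
        if valid and absolute_cap is not None and t - session.created >= absolute_cap:
            valid = False                 # hard upper bound, activity or not
        if valid and refresh_each_request:
            session.save(t)               # sliding window moves forward
        if not valid:
            session.ended = True          # logged out; later requests stay invalid
        results.append((t, valid))
    return results


# Constructed timelines, in seconds after login.
TABLE_TIMES = [100, 299, 301, 350]         # requests from the execution table
ACTIVE_TIMES = [200, 400, 600, 800, 1000]  # user never idle for 300 s

if __name__ == "__main__":
    print("set once, table  :", replay(TABLE_TIMES))
    print("set once, active :", replay(ACTIVE_TIMES))
    print("every request    :", replay(ACTIVE_TIMES, refresh_each_request=True))
    print("every req + cap  :", replay(ACTIVE_TIMES, refresh_each_request=True,
                                       absolute_cap=900))
```

With the expiry refreshed on every request, a session that keeps receiving requests never times out on its own, which is why the model also shows a fixed upper bound measured from login.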