Sessions help remember who a user is while they browse your website. This makes the site feel personal and secure.
In your Django settings.py file: # Enable session middleware MIDDLEWARE = [ 'django.contrib.sessions.middleware.SessionMiddleware', # other middleware ] # Choose session engine SESSION_ENGINE = 'django.contrib.sessions.backends.db' # default, stores sessions in database # Optional: session cookie settings SESSION_COOKIE_NAME = 'sessionid' SESSION_COOKIE_AGE = 1209600 # 2 weeks in seconds SESSION_COOKIE_SECURE = False # True if using HTTPS # Optional: session expiration SESSION_EXPIRE_AT_BROWSER_CLOSE = False
The SessionMiddleware must be in the MIDDLEWARE list for sessions to work.
You can change SESSION_ENGINE to store sessions in cache, files, or signed cookies.
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'SESSION_ENGINE = 'django.contrib.sessions.backends.signed_cookies'SESSION_COOKIE_AGE = 3600SESSION_EXPIRE_AT_BROWSER_CLOSE = TrueThis example shows two simple views. One saves a value in the session, and the other reads it back.
from django.http import HttpResponse def set_session(request): request.session['favorite_color'] = 'blue' return HttpResponse('Session data saved.') def get_session(request): color = request.session.get('favorite_color', 'not set') return HttpResponse(f'Favorite color is {color}.')
Sessions rely on cookies, so users must have cookies enabled in their browsers.
Be careful not to store large or sensitive data directly in sessions.
Always include SessionMiddleware before any middleware that uses sessions.
Sessions let Django remember user data between page visits.
Enable sessions by adding SessionMiddleware and choosing a session engine.
Configure session cookie settings to control how long sessions last and their security.