Django’s session and authentication frameworks are designed to Just Work™, and can seem pretty magical. Like the rest of Django, though, these parts aren’t magic — just Python. So let’s take a look at the internals of sessions and authentication and see how the whole thing works.

Our journey begins with the session middleware. You’ll see that the process_request method is pretty simple: it looks up the session engine setting, looks for a session key in the request’s cookies, and then sets request.session to a SessionStore instance.