Django’s session and authentication frameworks are designed to Just Work™, and can seem pretty magical. Like the rest of Django, though, these parts aren’t magic — just Python. So let’s take a look at the internals of sessions and authentication and see how the whole thing works.
Our journey begins with the session
middleware.
You’ll see that the process_request
method
is pretty simple: it looks up the session engine
setting,
looks for a session key in the request’s cookies, and then sets
request.session
to a SessionStore
instance.