Home/ Questions/Q 4616354
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-22T01:58:10+00:00

I’m trying to understand how session works in Django. Looking at the source code

  • 0

I’m trying to understand how session works in Django. Looking at the source code of SessionMiddleware: 

class SessionMiddleware(object): 
    def process_request(self, request): 
        engine = import_module(settings.SESSION_ENGINE) 
        session_key = request.COOKIES.get(settings.SESSION_COOKIE_NAME, None) 
        request.session = engine.SessionStore(session_key)

If I understand it correctly, for every request
SessionMiddleware.process_request() will get the sessionid from the
cookie and then create a new SessionStore instance using that
sessionid.

And when I looked at the source for __init__() of SessionStore and
SessionBase: 

  class SessionStore(SessionBase): 
      def __init__(self, session_key=None): 
          super(SessionStore, self).__init__(session_key) 

  class SessionBase(object): 
      def __init__(self, session_key=None): 
          self._session_key = session_key 
          self.accessed = False 
          self.modified = False

So basically SessionStore just creates a new instance without trying
to look up in the database to see whether a session with the specified sessionid already exists
or not. But shouldn’t that be the whole point of session — that for every
request Django needs to look up in the session database to see if the
session is already there? I’m guessing at some place this database lookup
takes place but I can’t find it.

Can you tell me where can i find it? Or did I misunderstand how
session work in Django?

Thanks

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    The third line of SessionMiddleware invokes a specific session engine, which dictates which SessionStore to use.

    If you go down into contrib/sessions/backends/base.py, you’ll see the following code:

    class SessionBase(object):

    ...

    def __getitem__(self, key):
        return self._session[key]

    def _get_session(self, no_load=False):
        """
        Lazily loads session from storage (unless "no_load" is True, when only
        an empty dict is stored) and stores it in the current instance.
        """
        self.accessed = True
        try:
            return self._session_cache
        except AttributeError:
            if self._session_key is None or no_load:
                self._session_cache = {}
            else:
                self._session_cache = self.load()
        return self._session_cache

    _session = property(_get_session)

    What this does is create a session proxy object, which the middleware has attached to the request. It does not load the session object from the database until you say:

    x = request.session['key']

    At which point, the __getitem__(self, key) attempts to dereference self._session, which (being a property) in turn returns a cached copy of the session dictionary for this transaction, or if no cache is available, fetches it from the store using the load() method. The load() method is implemented by specific child engines: database, file, cache, cache + db, etc.

    SessionStore is a lightweight proxy for a full session; it only becomes a full session, hitting the database, when you need to read or write data to the session object associated with the key encoded in the session id cookie.

    • 0