• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Right way to check if session is valid

#1
Hello,

I am developing a custom service using python + django which interacts with a forum database. I need to verify if user session is valid.

Right now I:
  1. Check for 'xf_session' cookie.
  2. Check in a forum database if the session exists.
  3. Check if the session isn't expired (expiry_date > current date).
If I pass all these steps then I assume that user is logged in and I can do my stuff. It works as expected.

Could you tell me please if this approach is secure? Guess I need a few more verifications to prevent false logins, attacks and so on.

Thanks.
 
Last edited: