Right way to check if session is valid


I am developing a custom service using python + django which interacts with a forum database. I need to verify if user session is valid.

Right now I:
  1. Check for 'xf_session' cookie.
  2. Check in a forum database if the session exists.
  3. Check if the session isn't expired (expiry_date > current date).
If I pass all these steps then I assume that user is logged in and I can do my stuff. It works as expected.

Could you tell me please if this approach is secure? Guess I need a few more verifications to prevent false logins, attacks and so on.

Last edited: