Hello, I am developing a custom service using python + django which interacts with a forum database. I need to verify if user session is valid. Right now I: Check for 'xf_session' cookie. Check in a forum database if the session exists. Check if the session isn't expired (expiry_date > current date). If I pass all these steps then I assume that user is logged in and I can do my stuff. It works as expected. Could you tell me please if this approach is secure? Guess I need a few more verifications to prevent false logins, attacks and so on. Thanks.