I am developing a custom service using Python + Django which interacts with a forum database. I need to verify if a user session is valid.
Right now I:
- Check for the 'xf_session' cookie.
- Check in a forum database if the session exists.
- Check if the session isn't expired (expiry_date > current date).
Could you please tell me if this approach is secure? I guess I need a few more verifications to prevent false logins, attacks and so on.
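
The three checks listed in the question, written out as an added example (not code from the original post or from the forum software). The table name `forum_session`, its `user_id` column, the 32-hex-character id format and the in-memory SQLite database are assumptions standing in for the real forum schema; only the `xf_session` cookie name and the `expiry_date` comparison come from the post.

```python
import re
import sqlite3
import time

# Assumption: session ids are 32 lowercase hex characters. Adjust to the real format.
SESSION_ID_RE = re.compile(r"[0-9a-f]{32}")


def make_demo_db(now):
    """Constructed in-memory stand-in for the forum database (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE forum_session ("
        "session_id TEXT PRIMARY KEY, user_id INTEGER, expiry_date INTEGER)"
    )
    db.executemany(
        "INSERT INTO forum_session VALUES (?, ?, ?)",
        [
            ("a" * 32, 7, now + 3600),  # constructed: live session
            ("b" * 32, 8, now - 60),    # constructed: expired session
        ],
    )
    return db


def validate_session(cookies, db, now=None):
    """Return the session's user_id if all three checks pass, else None."""
    now = int(time.time()) if now is None else now

    # Check 1: the cookie is present and has the expected shape.
    sid = cookies.get("xf_session")
    if not isinstance(sid, str) or not SESSION_ID_RE.fullmatch(sid):
        return None

    # Check 2: the session exists. The id is bound as a parameter,
    # never formatted into the SQL string.
    row = db.execute(
        "SELECT user_id, expiry_date FROM forum_session WHERE session_id = ?",
        (sid,),
    ).fetchone()
    if row is None:
        return None

    # Check 3: the session has not expired (expiry_date > current time).
    user_id, expiry_date = row
    if expiry_date <= now:
        return None
    return user_id
```

In a Django view, `request.COOKIES` can be passed as `cookies`.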