Are there any concerns in using django session to store information?

Are they any pitfalls to using django session to stor开发者_开发百科e user information? in what situations should I avoid using this mechanism?

---

"The session framework lets you store and retrieve arbitrary data on a per-site-visitor basis", so if you're fine with that (the stored dictionary based information is available only for the specific user of that session, as long as you don't access the selected session backend otherwise) it's perfectly ok.

The only pitfalls I see could be introduced when using a cache-based session backend (cache invalidation, persistence of data, distribution of to-be-cached-data to multiple servers, things like that), specifically when the storage of data is different from your main storage (database) - say with memcached or file based caching.

---

One thing that surprised me with storing data in the sessions is what happens (or doesn't happen) when the user has the site open in two browsers (say once on their mobile, once on their desktop).

For example, I was having a performance problem and decided to fix it by making fewer hits to the database. The site's premise was that the mobile app was for viewing data but you do changes through the desktop site.

There was some logic like this:

if not session_data then:
    fetch_data_and_put_in_session
else:
    get_session_data_ftw()

If the user logged in on their mobile the session data was created from the database. If they then used their browser to make changes to the data they couldn't view it on their mobile until their session expired.