 

 Cookies

If you’re using Django 1.4 or later, a new session backend is available to you which avoids server load and scaling problems: the signed_cookies backend!

This backend stores session data in a cookie which is stored by the user’s browser. The backend uses a cryptographic signing technique to ensure session data is not tampered with during transport. This is not the same as encryption: session data is still readable by an attacker.

The pros of this session engine are that it doesn’t require any additional dependencies or infrastructure overhead, and it scales indefinitely as long as the quantity of session data being stored fits into a normal cookie.

The biggest downside is that it places session data into storage on the user’s machine and transports it over the wire. It also limits the quantity of session data which can be stored.
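The following sketch is an added example, not code from Django or from this guide. It uses only the Python standard library and a simplified `payload.signature` format (not Django's actual cookie format) to show the three properties described above: the payload is readable without the key, any change to it fails verification, and oversized sessions must be rejected. The key, the function names and the 4096-byte limit are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key (assumption): stands in for the deployment's secret signing key.
SECRET_KEY = b"constructed-demo-key"
# Assumed per-cookie size limit; 4096 bytes is the figure browsers commonly enforce.
MAX_COOKIE_BYTES = 4096

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(payload: str, key: bytes) -> str:
    return b64e(hmac.new(key, payload.encode(), hashlib.sha256).digest())

def dump_session(session: dict, key: bytes = SECRET_KEY) -> str:
    """Serialize and sign session data; refuse values too large for a cookie."""
    payload = b64e(json.dumps(session, sort_keys=True).encode())
    cookie = payload + "." + mac(payload, key)
    if len(cookie) > MAX_COOKIE_BYTES:
        raise ValueError("session data does not fit in a cookie")
    return cookie

def load_session(cookie: str, key: bytes = SECRET_KEY) -> dict:
    """Return the session data only if the signature verifies."""
    payload, _, sig = cookie.rpartition(".")
    # Constant-time comparison; the payload is not parsed until it is trusted.
    if not hmac.compare_digest(sig.encode(), mac(payload, key).encode()):
        raise ValueError("signature mismatch: cookie was modified or key differs")
    return json.loads(b64d(payload))

def read_without_key(cookie: str) -> dict:
    """Signing is not encryption: decoding the payload needs no key at all."""
    return json.loads(b64d(cookie.partition(".")[0]))

if __name__ == "__main__":
    cookie = dump_session({"user": "alice", "roles": ["member"]})
    print("readable without key:", read_without_key(cookie))
    altered = b64e(b'{"roles": ["admin"], "user": "alice"}') + "." + cookie.rpartition(".")[2]
    try:
        load_session(altered)
    except ValueError as exc:
        print("altered cookie rejected:", exc)
```

The practical consequence is that nothing confidential belongs in a signed-cookie session, and that rotating the signing key invalidates every outstanding session.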

For a thorough discussion of the security implications of this session backend, please read the Django documentation on cookie-based sessions.
