There are several settings you can use to configure sessions for your project. The most important is SESSION_ENGINE. This setting allows you to set the place where sessions are stored. By default, Django stores sessions in the database using the Session model of the django.contrib.sessions application.

Django offers the following options for storing session data:

• Database sessions: Session data is stored in the database. This is the default session engine.
• File-based sessions: Session data is stored in the filesystem.
• Cached sessions: Session data is stored in a cache backend. You can specify cache backends using the CACHES setting. Storing session data in a cache system provides the best performance.
• Cached database sessions: Session data is stored in a write-through cache and database. Reads-only use the database if the data is not already in the cache.
• Cookie-based sessions: Session data is stored in the cookies that are sent to the browser.

You can customize sessions with specific settings. Here are some of the important session-related settings:

• SESSION_COOKIE_AGE: The duration of session cookies in seconds. The default value is 1209600 (two weeks).
• SESSION_COOKIE_DOMAIN: The domain used for session cookies. Set this to mydomain.com to enable cross-domain cookies or use None for a standard domain cookie.
• SESSION_COOKIE_SECURE: A boolean indicating that the cookie should only be sent if the connection is an HTTPS connection.
• SESSION_EXPIRE_AT_BROWSER_CLOSE: A boolean indicating that the session has to expire when the browser is closed.
• SESSION_SAVE_EVERY_REQUEST: A boolean that, if True, will save the session to the database on every request. The session expiration is also updated each time it's saved.

You can see all the session settings and their default values at https://docs.djangoproject.com/en/2.0/ref/settings/#sessions.