We have been using django-session-security for about 2 years in our application, but its effectiveness has been spotty.
Sometimes the culprit is a clear interference from another piece of middleware or another change in our application - but currently our experience is that it works "some times". It will work for one user one time, then fail the next.

If i remove the warn/expire settings our application consistently expires the session cookie per the session cookie timeout setting.

Are there any common interfering factors that you can recommend looking into?

In this kind of case I would recommend:

• collect data,
• make the issue reproductible,
• isolate the issue in a sample project or test case.