Take a look at the session middleware and its settings. Specifically these two:
SESSION_COOKIE_AGE
Default: 1209600 (2 weeks, in seconds)
The age of session cookies, in
seconds.SESSION_SAVE_EVERY_REQUEST
Default: False
Whether to save the session data on
every request. If this is False
(default), then the session data will
only be saved if it has been modified
— that is, if any of its dictionary values have been assigned or deleted.
Setting a low SESSION_COOKIE_AGE and turning SESSION_SAVE_EVERY_REQUEST on should work to create “sliding” expiration.