Backend

Website authentication mechanism?

Good afternoon.
I started to do authentication on the site, I use Django 1.8 uwsgi with nginx
Naryl on a popular resource of programmers (everyone knows which one) such a mechanism:
The user logged in with the remember checkbox. - We wrote down the hash in the cookie and in the table, data in the session.
The user logged in without remember. - Expanded the session.
The user logged out - erased the cookie and hash (if any). Cleared the session.
The user went to the site session is open. - We continue to work.
The user went to the site, there is no data in the session. we will look for a cookie with a hash.
The user went to the site, there is no session, there is a cookie with a hash. - Check the hash, everything is OK. We expand the session.
The user went to the site, no session, no hash cookie. - Please log in.
There are two questions:
1) "The user entered the site, there is no data in the session. We will look for a cookie with a hash." I don’t understand this at all, how can data leak from the session if I completely control it on the server?
2) "The user entered the site, there is no session, there is a cookie with a hash. - Check the hash, everything is OK. Expand the session." How to check the hash here? As I understand it, this checkbox is for automatically entering the site, but if I have a cookie with a hash, will I have to return the user's id by hash from the database by the server logic? what if there is a collision? Still, I don’t understand something, now I store this hash in a table with users, should it be stored in a separate table and just checked?
And do I need to put the user id in the session? I put it because there may be pages in the interface with access privileges