This clears it up a bit. You’re not transferring data, you’re trying to delegate authentication.
So yes, I can see where forwarding the session id cookie to the iframe would actually be a worthwhile idea. Your JavaScript being loaded by the Django page will need to read the cookie and pass it to the iframe request - probably either as a url parameter or a query parameter.
Your flash app can then use the Redis api to retrieve the string from the redis key identified by the session id value, and use the Django decode functions to get the data from it.
Or, to avoid needing to use Django’s decode functions you can create your own redis key also based on the session id and write the necessary data to that key. I wouldn’t write middleware for this, I’d write the session id from the view where the person logs in. (There’s no need to do this in more than one place or more than one time, provided you use a suitably-long expiration value for that key.)
See the docs at Python guide | Redis for accessing Redis directly from your Python code.