Django comes with a robust authentication system that handles both authentication and authorization. This post covers two of its functions: authenticate() and login().
authenticate()
The authenticate() function verifies a user's credentials against the authentication backends defined in the project. It takes the user's credentials as arguments and returns a User object if the credentials are valid; if they are invalid, it returns None.
login()
The login() function creates a session for the user and logs them in. It takes an HttpRequest object and a User object, saves the user's ID in the session using Django's session framework, and sets a session cookie in the user's browser, allowing them to remain authenticated across different pages and requests.
Example to create a login_view using both methods
from django.contrib.auth import authenticate, login
from django.http import HttpResponse
from django.shortcuts import render


def login_view(request):
    if request.method == 'POST':
        # .get() avoids a server error when a field is missing from the form;
        # authenticate() then simply returns None.
        username = request.POST.get('username')
        password = request.POST.get('password')
        # Check the credentials against the configured authentication backends.
        user = authenticate(request, username=username, password=password)
        if user is not None:
            # Valid credentials: store the user's ID in the session.
            login(request, user)
            return HttpResponse("Logged in successfully")
        else:
            return HttpResponse("Authentication failed. Please try again.")
    # GET (or any other method): show the login form.
    return render(request, 'login.html')